Action not permitted
Modal body text goes here.
cve-2021-31525
Vulnerability from cvelistv5
Published
2021-05-27 12:17
Modified
2024-08-03 23:03
Severity
Summary
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://github.com/golang/go/issues/45710 | Issue Tracking, Patch, Third Party Advisory |
cve@mitre.org | https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc | Mailing List, Third Party Advisory |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/ | |
cve@mitre.org | https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/golang/go/issues/45710" }, { "name": "FEDORA-2021-ee3c072cd0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-04T15:07:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/golang/go/issues/45710" }, { "name": "FEDORA-2021-ee3c072cd0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "name": "https://github.com/golang/go/issues/45710", "refsource": "MISC", "url": "https://github.com/golang/go/issues/45710" }, { "name": "FEDORA-2021-ee3c072cd0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31525", "datePublished": "2021-05-27T12:17:11", "dateReserved": "2021-04-21T00:00:00", "dateUpdated": "2024-08-03T23:03:33.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-31525\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-27T13:15:08.207\",\"lastModified\":\"2023-11-07T03:34:58.303\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.\"},{\"lang\":\"es\",\"value\":\"net/http en Go versiones anteriores a 1.15.12 y versiones 1.16.x anteriores a 1.16.4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e1nico) por medio de un encabezado grande en los par\u00e1metros ReadRequest o ReadResponse.\u0026#xa0;El Servidor, el Transporte y el Cliente pueden estar afectados en algunas configuraciones\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":2.6},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.12\",\"matchCriteriaId\":\"DCA080B5-DEFB-462A-8908-2EBD5D2075D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.4\",\"matchCriteriaId\":\"644F0433-E29C-4748-BDA9-5332DF7CBE14\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/golang/go/issues/45710\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-02\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhea-2021_2679
Vulnerability from csaf_redhat
Published
2021-07-08 18:40
Modified
2024-09-18 04:08
Summary
Red Hat Enhancement Advisory: ACS 3.62 enhancement update
Notes
Topic
Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.
Details
To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases.", "title": "Topic" }, { "category": "general", "text": "To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 and above. This will simplify operational the experience by standardizing installation methods through the Operator Framework.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2021:2679", "url": "https://access.redhat.com/errata/RHEA-2021:2679" }, { "category": "external", "summary": "http://docs.openshift.com/acs/welcome/", "url": "http://docs.openshift.com/acs/welcome/" }, { "category": "external", "summary": "ROX-9384", "url": "https://issues.redhat.com/browse/ROX-9384" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhea-2021_2679.json" } ], "title": "Red Hat Enhancement Advisory: ACS 3.62 enhancement update", "tracking": { "current_release_date": "2024-09-18T04:08:18+00:00", "generator": { "date": "2024-09-18T04:08:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHEA-2021:2679", "initial_release_date": "2021-07-08T18:40:34+00:00", "revision_history": [ { "date": "2021-07-08T18:40:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-08T18:40:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:08:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 3.62 for RHEL 8", "product": { "name": "RHACS 3.62 for RHEL 8", "product_id": "8Base-RHACS-3.62", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:3.62::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.62.0-4" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.62.0-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64 as a component of RHACS 3.62 for RHEL 8", "product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64", "relates_to_product_reference": "8Base-RHACS-3.62" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64 as a component of RHACS 3.62 for RHEL 8", "product_id": "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64", "relates_to_product_reference": "8Base-RHACS-3.62" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64" ], "known_not_affected": [ "8Base-RHACS-3.62:advanced-cluster-security/rhacs-operator-bundle@sha256:6cdcf20771f9c46640b466f804190d00eaf2e59caee6d420436e78b283d177bf_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "The RHACS Operator will enable teams to:\n\n1. Speed up the time to show security value using one-click installation procedures in the OpenShift console\n2. Reduce the need for complex configuration procedures\n3. Embrace GitOps practices by using simplified configuration as yaml", "product_ids": [ "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2021:2679" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-3.62:advanced-cluster-security/rhacs-rhel8-operator@sha256:b7dfdfd977c1bbb0dbb1c7e5a0d2c023e1bd9d28859c2faa4598f8815b86d188_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
rhsa-2021_3487
Vulnerability from csaf_redhat
Published
2021-09-15 13:41
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update
Notes
Topic
An update for etcd is now available for Red Hat OpenStack Platform 16.2
(Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
A highly-available key value store for shared configuration
Security Fix(es):
* net/http: panic in ReadRequest and ReadResponse when reading a very large
header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for etcd is now available for Red Hat OpenStack Platform 16.2\n(Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* net/http: panic in ReadRequest and ReadResponse when reading a very large\nheader (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3487", "url": "https://access.redhat.com/errata/RHSA-2021:3487" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3487.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update", "tracking": { "current_release_date": "2024-09-18T04:19:53+00:00", "generator": { "date": "2024-09-18T04:19:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3487", "initial_release_date": "2021-09-15T13:41:24+00:00", "revision_history": [ { "date": "2021-09-15T13:41:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-09-15T13:41:24+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenStack Platform 16.2", "product": { "name": "Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.2::el8" } } } ], "category": "product_family", "name": "Red Hat OpenStack Platform" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.src", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.src", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-3.1.el8ost.1?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-3.1.el8ost.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-3.1.el8ost.1?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-3.1.el8ost.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.src as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.src", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.2", "product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3487" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3487" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3487" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3487" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.2:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" } ] }
rhsa-2021_4104
Vulnerability from csaf_redhat
Published
2021-11-02 15:55
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.9.0 images:
RHEL-8-CNV-4.9
==============
kubevirt-v2v-conversion-container-v4.9.0-9
vm-import-controller-container-v4.9.0-15
cnv-containernetworking-plugins-container-v4.9.0-15
kubemacpool-container-v4.9.0-18
virtio-win-container-v4.9.0-8
vm-import-operator-container-v4.9.0-15
kubevirt-vmware-container-v4.9.0-8
kubevirt-template-validator-container-v4.9.0-14
cluster-network-addons-operator-container-v4.9.0-26
kubernetes-nmstate-handler-container-v4.9.0-25
node-maintenance-operator-container-v4.9.0-13
hostpath-provisioner-container-v4.9.0-6
bridge-marker-container-v4.9.0-13
kubevirt-ssp-operator-container-v4.9.0-28
ovs-cni-marker-container-v4.9.0-16
ovs-cni-plugin-container-v4.9.0-16
vm-import-virtv2v-container-v4.9.0-15
virt-cdi-apiserver-container-v4.9.0-35
virt-cdi-cloner-container-v4.9.0-35
virt-cdi-uploadproxy-container-v4.9.0-35
virt-cdi-controller-container-v4.9.0-35
hostpath-provisioner-operator-container-v4.9.0-15
virt-cdi-importer-container-v4.9.0-35
virt-cdi-uploadserver-container-v4.9.0-35
virt-cdi-operator-container-v4.9.0-35
virt-launcher-container-v4.9.0-58
virt-api-container-v4.9.0-58
virt-handler-container-v4.9.0-58
virt-operator-container-v4.9.0-58
virt-controller-container-v4.9.0-58
virt-artifacts-server-container-v4.9.0-58
libguestfs-tools-container-v4.9.0-58
cnv-must-gather-container-v4.9.0-54
hyperconverged-cluster-operator-container-v4.9.0-57
hyperconverged-cluster-webhook-container-v4.9.0-57
hco-bundle-registry-container-v4.9.0-249
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.0 images:\n\nRHEL-8-CNV-4.9\n==============\nkubevirt-v2v-conversion-container-v4.9.0-9\nvm-import-controller-container-v4.9.0-15\ncnv-containernetworking-plugins-container-v4.9.0-15\nkubemacpool-container-v4.9.0-18\nvirtio-win-container-v4.9.0-8\nvm-import-operator-container-v4.9.0-15\nkubevirt-vmware-container-v4.9.0-8\nkubevirt-template-validator-container-v4.9.0-14\ncluster-network-addons-operator-container-v4.9.0-26\nkubernetes-nmstate-handler-container-v4.9.0-25\nnode-maintenance-operator-container-v4.9.0-13\nhostpath-provisioner-container-v4.9.0-6\nbridge-marker-container-v4.9.0-13\nkubevirt-ssp-operator-container-v4.9.0-28\novs-cni-marker-container-v4.9.0-16\novs-cni-plugin-container-v4.9.0-16\nvm-import-virtv2v-container-v4.9.0-15\nvirt-cdi-apiserver-container-v4.9.0-35\nvirt-cdi-cloner-container-v4.9.0-35\nvirt-cdi-uploadproxy-container-v4.9.0-35\nvirt-cdi-controller-container-v4.9.0-35\nhostpath-provisioner-operator-container-v4.9.0-15\nvirt-cdi-importer-container-v4.9.0-35\nvirt-cdi-uploadserver-container-v4.9.0-35\nvirt-cdi-operator-container-v4.9.0-35\nvirt-launcher-container-v4.9.0-58\nvirt-api-container-v4.9.0-58\nvirt-handler-container-v4.9.0-58\nvirt-operator-container-v4.9.0-58\nvirt-controller-container-v4.9.0-58\nvirt-artifacts-server-container-v4.9.0-58\nlibguestfs-tools-container-v4.9.0-58\ncnv-must-gather-container-v4.9.0-54\nhyperconverged-cluster-operator-container-v4.9.0-57\nhyperconverged-cluster-webhook-container-v4.9.0-57\nhco-bundle-registry-container-v4.9.0-249\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4104", "url": "https://access.redhat.com/errata/RHSA-2021:4104" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1858777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858777" }, { "category": "external", "summary": "1891921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891921" }, { "category": "external", "summary": "1896469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896469" }, { "category": "external", "summary": "1903687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903687" }, { "category": "external", "summary": "1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "1933043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933043" }, { "category": "external", "summary": "1935219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935219" }, { "category": "external", "summary": "1942726", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942726" }, { "category": "external", "summary": "1943164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943164" }, { "category": "external", "summary": "1945589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945589" }, { "category": "external", "summary": "1953481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953481" }, { "category": "external", "summary": "1953483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953483" }, { "category": "external", "summary": "1953484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953484" }, { "category": "external", "summary": "1955129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955129" }, { "category": "external", "summary": "1957852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957852" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1963963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963963" }, { "category": "external", "summary": "1965050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965050" }, { "category": "external", "summary": "1973852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973852" }, { "category": "external", "summary": "1976604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976604" }, { "category": "external", "summary": "1976730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976730" }, { "category": "external", "summary": "1979631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979631" }, { "category": "external", "summary": "1979659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979659" }, { "category": "external", "summary": "1981345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981345" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1985083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985083" }, { "category": "external", "summary": "1985649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985649" }, { "category": "external", "summary": "1985670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985670" }, { "category": "external", "summary": "1985719", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985719" }, { "category": "external", "summary": "1989176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989176" }, { "category": "external", "summary": "1989263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989263" }, { "category": "external", "summary": "1989269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989269" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1991691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991691" }, { "category": "external", "summary": "1992608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992608" }, { "category": "external", "summary": "1993121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993121" }, { "category": "external", "summary": "1994389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994389" }, { "category": "external", "summary": "1995295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995295" }, { "category": "external", "summary": "1996407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996407" }, { "category": "external", "summary": "1997014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997014" }, { "category": "external", "summary": "1998054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998054" }, { "category": "external", "summary": "1998656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998656" }, { "category": "external", "summary": "1999571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999571" }, { "category": "external", "summary": "1999617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999617" }, { "category": "external", "summary": "1999835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999835" }, { "category": "external", "summary": "2000052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000052" }, { "category": "external", "summary": "2000204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000204" }, { "category": "external", "summary": "2001041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001041" }, { "category": "external", "summary": "2001047", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001047" }, { "category": "external", "summary": "2003473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003473" }, { "category": "external", "summary": "2005695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005695" }, { "category": "external", "summary": "2006418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006418" }, { "category": "external", "summary": "2008900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008900" }, { "category": "external", "summary": "2010742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010742" }, { "category": "external", "summary": "2011179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011179" }, { "category": "external", "summary": "2017394", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017394" }, { "category": "external", "summary": "2018521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018521" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_4104.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.0 Images security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:20:06+00:00", "generator": { "date": "2024-09-18T04:20:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:4104", "initial_release_date": "2021-11-02T15:55:53+00:00", "revision_history": [ { "date": "2021-11-02T15:55:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-02T15:55:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.9 for RHEL 8", "product": { "name": "CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.0-13" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.0-27" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.0-15" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.0-60" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.0-266" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.0-6" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.0-15" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.0-19" } } }, { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.0-25" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.0-28" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.0-14" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "product": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "product": { "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "product_id": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.0-8" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product_id": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools-rhel8\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.0-13" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "product_id": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product_id": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel8\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.0-37" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.0-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.0-61" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "product": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64", "product": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64", "product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.0-16" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64" }, "product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64" }, "product_reference": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64" }, "product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" }, "product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921650" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "RHBZ#1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4104" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_4103
Vulnerability from csaf_redhat
Published
2021-11-02 17:36
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.0 RPMs security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.9.0 RPMs.
Security Fix(es):
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. \n\nThis advisory contains OpenShift Virtualization 4.9.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4103", "url": "https://access.redhat.com/errata/RHSA-2021:4103" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1981345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981345" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_4103.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.0 RPMs security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:20:13+00:00", "generator": { "date": "2024-09-18T04:20:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:4103", "initial_release_date": "2021-11-02T17:36:11+00:00", "revision_history": [ { "date": "2021-11-02T17:36:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-02T17:36:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.9 for RHEL 7", "product": { "name": "CNV 4.9 for RHEL 7", "product_id": "7Server-CNV-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el7" } } }, { "category": "product_name", "name": "CNV 4.9 for RHEL 8", "product": { "name": "CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "kubevirt-0:4.9.0-287.el7.src", "product": { "name": "kubevirt-0:4.9.0-287.el7.src", "product_id": "kubevirt-0:4.9.0-287.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt@4.9.0-287.el7?arch=src" } } }, { "category": "product_version", "name": "kubevirt-0:4.9.0-287.el8.src", "product": { "name": "kubevirt-0:4.9.0-287.el8.src", "product_id": "kubevirt-0:4.9.0-287.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt@4.9.0-287.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "product": { "name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "product_id": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt-virtctl@4.9.0-287.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "product": { "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "product_id": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.9.0-287.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "product": { "name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "product_id": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt-virtctl@4.9.0-287.el8?arch=x86_64" } } }, { "category": "product_version", "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64", "product": { "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64", "product_id": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.9.0-287.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kubevirt-0:4.9.0-287.el7.src as a component of CNV 4.9 for RHEL 7", "product_id": "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src" }, "product_reference": "kubevirt-0:4.9.0-287.el7.src", "relates_to_product_reference": "7Server-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64 as a component of CNV 4.9 for RHEL 7", "product_id": "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64" }, "product_reference": "kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "relates_to_product_reference": "7Server-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64 as a component of CNV 4.9 for RHEL 7", "product_id": "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64" }, "product_reference": "kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "relates_to_product_reference": "7Server-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "kubevirt-0:4.9.0-287.el8.src as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src" }, "product_reference": "kubevirt-0:4.9.0-287.el8.src", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64" }, "product_reference": "kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" }, "product_reference": "kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64", "relates_to_product_reference": "8Base-CNV-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-15586", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856953" } ], "notes": [ { "category": "description", "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15586" }, { "category": "external", "summary": "RHBZ#1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ", "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ" } ], "release_date": "2020-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4103" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS" }, { "cve": "CVE-2020-16845", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-08-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1867099" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16845" }, { "category": "external", "summary": "RHBZ#1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo", "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4103" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs" }, { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1918750" } ], "notes": [ { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "RHBZ#1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" } ], "release_date": "2021-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4103" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4103" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-CNV-4.9:kubevirt-0:4.9.0-287.el7.src", "7Server-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el7.x86_64", "7Server-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el7.x86_64", "8Base-CNV-4.9:kubevirt-0:4.9.0-287.el8.src", "8Base-CNV-4.9:kubevirt-virtctl-0:4.9.0-287.el8.x86_64", "8Base-CNV-4.9:kubevirt-virtctl-redistributable-0:4.9.0-287.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
rhsa-2021_3733
Vulnerability from csaf_redhat
Published
2021-10-06 09:28
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: OpenShift Virtualization 2.6.7 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 2.6.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.6.7 images:
RHEL-8-CNV-2.6
==============
kubevirt-cpu-node-labeller-container-v2.6.7-1
virtio-win-container-v2.6.7-1
kubevirt-kvm-info-nfd-plugin-container-v2.6.7-1
hyperconverged-cluster-webhook-container-v2.6.7-1
hyperconverged-cluster-operator-container-v2.6.7-1
kubevirt-cpu-model-nfd-plugin-container-v2.6.7-1
hostpath-provisioner-container-v2.6.7-1
hostpath-provisioner-operator-container-v2.6.7-1
kubevirt-vmware-container-v2.6.7-1
node-maintenance-operator-container-v2.6.7-1
bridge-marker-container-v2.6.7-2
cnv-containernetworking-plugins-container-v2.6.7-2
kubevirt-template-validator-container-v2.6.7-2
ovs-cni-marker-container-v2.6.7-2
kubernetes-nmstate-handler-container-v2.6.7-3
kubemacpool-container-v2.6.7-2
cluster-network-addons-operator-container-v2.6.7-3
ovs-cni-plugin-container-v2.6.7-2
kubevirt-ssp-operator-container-v2.6.7-1
vm-import-operator-container-v2.6.7-5
vm-import-controller-container-v2.6.7-5
vm-import-virtv2v-container-v2.6.7-5
virt-cdi-apiserver-container-v2.6.7-2
virt-cdi-uploadproxy-container-v2.6.7-2
virt-cdi-operator-container-v2.6.7-2
virt-cdi-cloner-container-v2.6.7-2
kubevirt-v2v-conversion-container-v2.6.7-2
virt-cdi-controller-container-v2.6.7-2
virt-cdi-importer-container-v2.6.7-2
virt-cdi-uploadserver-container-v2.6.7-2
virt-controller-container-v2.6.7-6
virt-api-container-v2.6.7-6
virt-operator-container-v2.6.7-6
virt-handler-container-v2.6.7-6
virt-launcher-container-v2.6.7-6
cnv-must-gather-container-v2.6.7-7
hco-bundle-registry-container-v2.6.7-41
Security Fix(es):
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 2.6.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 2.6.7 images:\n\nRHEL-8-CNV-2.6\n==============\n\nkubevirt-cpu-node-labeller-container-v2.6.7-1\nvirtio-win-container-v2.6.7-1\nkubevirt-kvm-info-nfd-plugin-container-v2.6.7-1\nhyperconverged-cluster-webhook-container-v2.6.7-1\nhyperconverged-cluster-operator-container-v2.6.7-1\nkubevirt-cpu-model-nfd-plugin-container-v2.6.7-1\nhostpath-provisioner-container-v2.6.7-1\nhostpath-provisioner-operator-container-v2.6.7-1\nkubevirt-vmware-container-v2.6.7-1\nnode-maintenance-operator-container-v2.6.7-1\nbridge-marker-container-v2.6.7-2\ncnv-containernetworking-plugins-container-v2.6.7-2\nkubevirt-template-validator-container-v2.6.7-2\novs-cni-marker-container-v2.6.7-2\nkubernetes-nmstate-handler-container-v2.6.7-3\nkubemacpool-container-v2.6.7-2\ncluster-network-addons-operator-container-v2.6.7-3\novs-cni-plugin-container-v2.6.7-2\nkubevirt-ssp-operator-container-v2.6.7-1\nvm-import-operator-container-v2.6.7-5\nvm-import-controller-container-v2.6.7-5\nvm-import-virtv2v-container-v2.6.7-5\nvirt-cdi-apiserver-container-v2.6.7-2\nvirt-cdi-uploadproxy-container-v2.6.7-2\nvirt-cdi-operator-container-v2.6.7-2\nvirt-cdi-cloner-container-v2.6.7-2\nkubevirt-v2v-conversion-container-v2.6.7-2\nvirt-cdi-controller-container-v2.6.7-2\nvirt-cdi-importer-container-v2.6.7-2\nvirt-cdi-uploadserver-container-v2.6.7-2\nvirt-controller-container-v2.6.7-6\nvirt-api-container-v2.6.7-6\nvirt-operator-container-v2.6.7-6\nvirt-handler-container-v2.6.7-6\nvirt-launcher-container-v2.6.7-6\ncnv-must-gather-container-v2.6.7-7\nhco-bundle-registry-container-v2.6.7-41\n\nSecurity Fix(es):\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3733", "url": "https://access.redhat.com/errata/RHSA-2021:3733" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1987262", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987262" }, { "category": "external", "summary": "1990560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990560" }, { "category": "external", "summary": "1991906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991906" }, { "category": "external", "summary": "1995132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995132" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3733.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 2.6.7 Images security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:19:39+00:00", "generator": { "date": "2024-09-18T04:19:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3733", "initial_release_date": "2021-10-06T09:28:41+00:00", "revision_history": [ { "date": "2021-10-06T09:28:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-10-06T09:28:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 2.6 for RHEL 8", "product": { "name": "CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:2.6::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.6.7-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.6.7-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "product": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "product_id": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.6.7-1" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product": { "name": "container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product_id": "container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller\u0026tag=v2.6.7-5" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v2.6.7-5" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64" }, "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "relates_to_product_reference": "8Base-CNV-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64 as a component of CNV 2.6 for RHEL 8", "product_id": "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "relates_to_product_reference": "8Base-CNV-2.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3733" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3733" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:59070d43607b341ecaa9a65f999fed06ef03885035fa3deef0f2f3a7b9287d13_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:11940ade61478e72b11faa3806967583c00779718206953e606025dd8a094c57_amd64", "8Base-CNV-2.6:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:6a4d596992e1b1a028756ed9d8c4b3acc6ef61bd510a890ab61d8ab35cbe3331_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller-rhel8@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64", "8Base-CNV-2.6:container-native-virtualization/vm-import-controller@sha256:b0cdc6f7ce1e48a77fa1e1b683e386828dd9973872a03ac9f2a7c21efa0eef40_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_3556
Vulnerability from csaf_redhat
Published
2021-09-16 18:38
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: Release of OpenShift Serverless 1.17.0
Notes
Topic
Release of OpenShift Serverless 1.17.0
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless
Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.
Security Fix(es):
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic
(CVE-2021-34558)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703).
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Release of OpenShift Serverless 1.17.0\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless\nOperator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nIt was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703).\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3556", "url": "https://access.redhat.com/errata/RHSA-2021:3556" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1983651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983651" }, { "category": "external", "summary": "1983654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983654" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1992955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3556.json" } ], "title": "Red Hat Security Advisory: Release of OpenShift Serverless 1.17.0", "tracking": { "current_release_date": "2024-09-18T04:20:08+00:00", "generator": { "date": "2024-09-18T04:20:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3556", "initial_release_date": "2021-09-16T18:38:06+00:00", "revision_history": [ { "date": "2021-09-16T18:38:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-09-16T18:38:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Serverless 1.17", "product": { "name": "Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17", "product_identification_helper": { "cpe": "cpe:/a:redhat:serverless:1.17::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Serverless" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.23.2-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.23.2-1" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.23.1-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.23.2-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.23.2-1" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "product": { "name": "openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "product_id": "openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "product_identification_helper": { "purl": "pkg:oci/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-operator-bundle\u0026tag=1.17.0-11" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.23.1-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.23.2-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.23.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.23.2-1" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.23.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.17.0-5" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.23.1-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.23.1-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64" }, "product_reference": "openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64 as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le as a component of Red Hat OpenShift Serverless 1.17", "product_id": "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.17" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3703", "discovery_date": "2021-08-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992955" } ], "notes": [ { "category": "description", "text": "CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196", "title": "Vulnerability summary" }, { "category": "other", "text": "The flaw is moderate as the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 are moderate. The score is assigned as per the highest score given in CVE-2021-27918 and CVE-2021-33196.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3703" }, { "category": "external", "summary": "RHBZ#1992955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3703", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3703" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3703", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3703" } ], "release_date": "2021-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196" }, { "cve": "CVE-2021-27918", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937901" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27918" }, { "category": "external", "summary": "RHBZ#1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw", "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3556" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:34b135169d199195f822744cac8b63c044d1bd7f1822441ce6efa3bbda64df02_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:4269e0385e4b96143b2ce475d732dbc5dafdc2e147b5fa8ab2f5b0500a51bbaa_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/client-kn-rhel8@sha256:b18b0511a26fb96a857e1ba3d8852cd6ebc31f3b21584e0f3786d89abf7dfa96_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:0a7f4f8a9518619b4162ecdf8b98232337d188f2d82335a9c5485ba1496892e9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:8988c3fd4e9b7d0c2fdac7376e05070d7498cefd79d3f9cb81f4aa55b037a47a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:dae731f1dccf0fa4936c3351fca24826b2ff7c8079fbcf5ae9e0f586c0b9923b_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:0d11ff784c05895b0c916b2c70031481367a4c49009432768a7a3c418f85bd0e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:da09e0156dea2f3901a09d0d94a517a2091e3fb18f4c63b501792991a3ab0ac2_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-controller-rhel8@sha256:fbaf9fb8e056c7c46ed1d521164f029e68587d34f40605dad2e1e573c22c908a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:c16cab4f04c74c5b9723a3b712299e7acd4f408609db9765d7af3e54ac932f86_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:d70d52b780854d4c62b56dbe3e6abe55fd066b9893f5983c8799400cd5d1f02a_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:e250f39c1e6ce3d97177e55dffe935346fd6b5d76dee489e96d4e561beb216a8_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1ac479c08fc69742d2d27770c4af88f565c896b875be92d1d39ac4d155e2d125_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:61c68406601874a2725b4f03ff9e3a4b60a7fd2782ed36218322040bd39ae783_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:f3946ea3cd561a2b8aab6b2217340bd1b7cc749c281be0232f1318dbabaf4deb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:2b9cdeb0ad1f47ba71113023ee42d11a1611c805aeb24e811679df20e03d7be5_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:b87165f15578a234687f6c12491098929bcc99765b434c0f6ca174773ff7f218_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:ecf17d2c637ea572a389c2b6063f864f36731207a6caf1286af4f757c21e8d00_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:2c136e6d0639500a5358f3bab80a8115c9e7d4e8117cbcc47af5edfae3ecdc6f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:46214ff349eacde93dc734fcafc431d8b759bd4085ebd4865a857a640babcda3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d24bc619dbbc7ab3cef56716eff20a7d981a17550cca1366226fd457913d7e71_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:14ed4104b5c777297cd01f2ac0944297a00957b46294b2a43c20ae5b42ea9939_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e47b2304960a493575d0d906d1f36e9b36074a635027e79549e9180decc8385d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:f66340f961a3780dac832556f2fa6052525df18517b416b583b60830693952e7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:1cbe524e86c2ce4d3aca4f0e9cb457a904e0a42967f887486b7d050340c304bb_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:2985f25a55bbef3e9b1132df3f732afeb1a9b20aa7e2b9a81f0ccfb5ae67af20_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-mtping-rhel8@sha256:8ee9cb3b5c6d7e4813e4b7646c63cc244025236499f0d86280df350d106b5913_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:411c2642b1fdd7d360507a97a0982c6aa7b1ffb1041d2d494e03ce4eb3e13892_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:50ae3b13082a4d4e78b4779129959f20dad9c806bd740a8cec92cc72161df3a9_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:fd5335de5fb3385616c80804a1490ef3e748ce1a722b58127e82c67557837ad0_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:3e6131b6422bf49885b0e793d028f579e6ba34203b931ddde18c3536b85f512f_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:44a79914d8295611fefdf752dbf705b1a803dca838f4996347c34eb371d5e987_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:cddb057d9b742bcf7417b57b8aa8e9f12ca860f9620082af286ee141491d7032_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:1033a2a20c522724ec74d8d8dc3caf9b6fdfd303981bde57c90ae3d96e0b7bb4_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:40df3b1ada84ee023135f17da714a80d10b8ef334457d77fb231cf162576cd46_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/eventing-webhook-rhel8@sha256:b9a035b796c150dcafa1abdd614aff3792475b3627c867324b96c9fcda205181_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:54acf59baba701b58d26ecdd725c476e1b9bb78cc5ead3dfd38984a92b23c9de_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:91a80f777f622696eeebc329149b46cdf6ce0cd0a8143ff9f33b9af16c16d94f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/ingress-rhel8-operator@sha256:c6de150fe6959815595f106c2542b677f54fc7003803e744736926e13516135e_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2f9791c53e90c1ead14bfb641e3700968cac609df01034ae19758d7bc102997c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:7a83deaca80790f7cdf467dcfd528f2a30e01d88f927a2f1cc67aa23b5d94279_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:8523d48f47197c7619ec297fe8bbeec32cb78208690afa87fe2a68e6d057a878_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:0bd886e5ef8beafb4a0a2f1f50063081ad6e19637144f1fe8d8771cf5b31af06_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:57669ed17a2880a686fffa289b19f4d4aba662735a379562d0ff44daea6dbd71_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/knative-rhel8-operator@sha256:fe4cb08577e57fc7048ec014346dc809cd84eb1b47f75e0dc11b4156b44e9879_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:59fe5a01f4406267a8eb8afc4faf6c573792832dc4a180f4903fab684a029052_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:b97b3dbb2589c4ff15a13eb1316727c027a8095e503e7869b6ea4f251179eb49_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/kourier-control-rhel8@sha256:ea26c89440bbf4ef35cb4ec26cb9a6fe4ed9f4c5612390ef7a7313cc9a043b5f_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:6a79e6b485e1a8412027a949f405d98e974813e24aa793ba975bfa02c792f098_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:afc4d2975c6f9296b0be78fd41f7efe660266f233c93c9436425fb03889ccfc1_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-controller-rhel8@sha256:ce414a80f6941aafa98a114b0609eba687ad4f7610b790bffd298251ac6b024e_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:72d471d1f372d35c89a300430361f0a65b38363e0cf9903c2ead5941a4c77d5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:9d1fa68939d9e2c331d1f0f7a1e3d61f5500850fb5b68c5ff45f71a055b716ba_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b9bc1c8cf1198da29ca4e74fed491852072e79989b248b18088841a8f96d338c_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-operator-bundle@sha256:66de6e7914ad3bd8c8c52aff708c496a5374ed3f1ec1aed46f48b82c64808c0b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:b89ac22bf9b545b6b49c9e539595ebce5ffa5d6fab7cdf37cdfa06ac9e05de7a_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:e4ed980ae293889d35d05d6aa5ab0bd25dc0a7a4531dded620a9665d0ab77bfa_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serverless-rhel8-operator@sha256:fdb67a6a27a35581bc53ac9600d5b0c46822a8f9219cdaaeadaff255f263bc1d_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:439e2dcad6dc4e8c824746c7048fa5883f4643187b129c67008e273313ea4cfc_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:836127ff980c2889f08b9e7b219fe6d793356350efbcad864e10fe7e83839174_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-activator-rhel8@sha256:e36f3d11270bfff6ac8a97906bd44d89e654e83310a388cf49b5965d5aaab1c2_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:124786ed8cde0f033a8eef401c9d8a466ea3e2e1c5be1d476b799a8b654330e3_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:5f3d02e3fcb6505254d7b5f0eaf060b449df7cbc8432bb80cbde82a5a3f7e47d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:9a39a4f960425440c6d11d67afd3892004c41d308c77a5080e81b6015e699378_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:00169e24353fd41b7ce18138bb9057cf418dbf4c94acc27084880bfde0a49fb1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2172797a9800b70b87518cc05ac904a9aacd586881df9c703aa4134b55209a7b_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-autoscaler-rhel8@sha256:2e4cac0a0644b5e7e47c348d4ba1627af6d25cecae25f8502cd4f6ddaa69cb99_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9d0c6badb6d716ce62900a1eff76049e9dac445f97d78ff975c3e43b7bf28629_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:9dccc39aaba0266630afbdff3c138e54d9c7ca6807adbee6fc3abc601fdb511d_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-controller-rhel8@sha256:b51c3a2a441ca3ae5a96d745b9c4c3076996230f9b27ce9e037e8218f772a43e_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:011e9b049157f8a93ec69bce996193b14a9b8b5f97569f997fedb780513cb2fe_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:a7ebe5d055b50a1502f7ea292c590c5349b2d9338c1e357aeb761d758efe56c6_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:f02422946e56f7c65f124556ee50f20748e164836c4f51bbda499654b367ac89_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:0158a3861f4c642b09bb1a413bd734541b2f1143b44e09203f168e2082aeba5d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:22a24206dfca5df7d5a77ba2fc0c86a66b6c0bac3269fc733f5b54b497eec5f1_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:c025e2d0603eb50f2aec9059a1cdf170867aaf111f705cce039da7e5e87169b8_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:3bbb27f635a679ece32a6cb2440c429c1ab6ef3689172b22e698d58230c35782_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:46161600eec382a73e4b46f4733b0afcac6f1edcf5b976b04ea0013cea854584_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-queue-rhel8@sha256:c0eec13bc316c8099de682e9859e3cebfabab034edbb51ab201a875173c3a73c_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:382b691742d1a0564ccd34969abe1cf1f2466092702fe556b2740b783b816c6d_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:7fb2f0f6c06a08e6f8956a9bbb4f3c08a727f5429f6957ec633f490dd06d9550_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:89064eb5461b7f61d3cb34d64bdc087c2e6e8e41d79b0112308fdb50843e7c63_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:a618f2b5ad6299dca910e11d8524aaefee1523910b6e7ea67f5807bcbe2b6838_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:c56f34a9e63af26e719d2ca845adad2a1c4f4d43f540e83ee31193b1cdc237f2_ppc64le", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/serving-webhook-rhel8@sha256:ce961d028d879f5923cc6f1e0cc5d0445d70dbd839349a2d008c068a9d5eccd0_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:4cc6140b9bd2ee5096e9cbb8fcb95b12ce1bbce545cd7d73179c54bbaa34a2e0_amd64", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:a946cd92cb55b4f5b3be1b6db7de35b854bb90ae29b444c45088fe25c7b70ed7_s390x", "8Base-Openshift-Serverless-1.17:openshift-serverless-1/svls-must-gather-rhel8@sha256:fff21a3900194fa6c625deb80f68a82da6856dfdfc0ea0dba12e285dccaabf27_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_2704
Vulnerability from csaf_redhat
Published
2021-07-13 16:56
Modified
2024-09-18 04:18
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.16.0
Notes
Topic
Release of OpenShift Serverless Client kn 1.16.0
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Security Fix(es):
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Release of OpenShift Serverless Client kn 1.16.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2704", "url": "https://access.redhat.com/errata/RHSA-2021:2704" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "category": "external", "summary": "1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "1971449", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971449" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2704.json" } ], "title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.16.0", "tracking": { "current_release_date": "2024-09-18T04:18:52+00:00", "generator": { "date": "2024-09-18T04:18:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:2704", "initial_release_date": "2021-07-13T16:56:14+00:00", "revision_history": [ { "date": "2021-07-13T16:56:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-13T16:56:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:18:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Serverless 1.0", "product": { "name": "Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:serverless:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Serverless" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.22.0-3.el8.src", "product": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.src", "product_id": "openshift-serverless-clients-0:0.22.0-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64", "product": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64", "product_id": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "product": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "product_id": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x", "product": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x", "product_id": "openshift-serverless-clients-0:0.22.0-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.22.0-3.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le" }, "product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.s390x as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x" }, "product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.src as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src" }, "product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.src", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" }, "product_reference": "openshift-serverless-clients-0:0.22.0-3.el8.x86_64", "relates_to_product_reference": "8Base-Openshift-Serverless-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27918", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937901" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27918" }, { "category": "external", "summary": "RHBZ#1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw", "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2704" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.22.0-3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" } ] }
rhsa-2021_3248
Vulnerability from csaf_redhat
Published
2021-08-31 15:01
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.9 packages and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.9 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.9. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:3247
Security Fix(es):
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.9 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.9. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:3247\n\nSecurity Fix(es):\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3248", "url": "https://access.redhat.com/errata/RHSA-2021:3248" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1996683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996683" }, { "category": "external", "summary": "1996707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996707" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3248.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.9 packages and security update", "tracking": { "current_release_date": "2024-09-18T04:20:06+00:00", "generator": { "date": "2024-09-18T04:20:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3248", "initial_release_date": "2021-08-31T15:01:01+00:00", "revision_history": [ { "date": "2021-08-31T15:01:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-31T15:01:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=src" } } }, { "category": "product_version", "name": "openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "product": { "name": "openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "product_id": "openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-ironic@17.0.4-0.20210730151213.5b801be.el8?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "cri-tools-0:1.21.0-3.el8.src", "product": { "name": "cri-tools-0:1.21.0-3.el8.src", "product_id": "cri-tools-0:1.21.0-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.21.0-3.el8?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "product": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "product_id": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-4.git642a960.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el7?arch=src" } } }, { "category": "product_version", "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "product": { "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "product_id": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins@0.8.6-3.rhaos4.6.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_id": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-tools-0:1.21.0-3.el8.x86_64", "product": { "name": "cri-tools-0:1.21.0-3.el8.x86_64", "product_id": "cri-tools-0:1.21.0-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.21.0-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "product": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "product_id": "cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.21.0-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "product": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "product_id": "cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.21.0-3.el8?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product_id": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-4.git642a960.el8?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product_id": "prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-4.git642a960.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-13.rhaos4.8.git52b3f98.el7?arch=x86_64" } } }, { "category": "product_version", "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "product": { "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "product_id": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins@0.8.6-3.rhaos4.6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "product": { "name": "containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "product_id": "containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@0.8.6-3.rhaos4.6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-tools-0:1.21.0-3.el8.ppc64le", "product": { "name": "cri-tools-0:1.21.0-3.el8.ppc64le", "product_id": "cri-tools-0:1.21.0-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.21.0-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "product": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "product_id": "cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.21.0-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "product": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "product_id": "cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.21.0-3.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product_id": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-4.git642a960.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product_id": "prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-4.git642a960.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_id": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_id": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_id": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-13.rhaos4.8.git52b3f98.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-tools-0:1.21.0-3.el8.s390x", "product": { "name": "cri-tools-0:1.21.0-3.el8.s390x", "product_id": "cri-tools-0:1.21.0-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools@1.21.0-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-tools-debugsource-0:1.21.0-3.el8.s390x", "product": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.s390x", "product_id": "cri-tools-debugsource-0:1.21.0-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.21.0-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "product": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "product_id": "cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.21.0-3.el8?arch=s390x" } } }, { "category": "product_version", "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product_id": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-promu@0.5.0-4.git642a960.el8?arch=s390x" } } }, { "category": "product_version", "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product_id": "prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-promu@0.5.0-4.git642a960.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product": { "name": "openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_id": "openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-ironic-api@17.0.4-0.20210730151213.5b801be.el8?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product": { "name": "openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_id": "openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-ironic-common@17.0.4-0.20210730151213.5b801be.el8?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product": { "name": "openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_id": "openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-ironic-conductor@17.0.4-0.20210730151213.5b801be.el8?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product": { "name": "python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_id": "python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ironic-tests@17.0.4-0.20210730151213.5b801be.el8?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src" }, "product_reference": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64" }, "product_reference": "containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64" }, "product_reference": "containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64" }, "product_reference": "cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.21.0-3.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le" }, "product_reference": "cri-tools-0:1.21.0-3.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.21.0-3.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x" }, "product_reference": "cri-tools-0:1.21.0-3.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.21.0-3.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src" }, "product_reference": "cri-tools-0:1.21.0-3.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-0:1.21.0-3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64" }, "product_reference": "cri-tools-0:1.21.0-3.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le" }, "product_reference": "cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x" }, "product_reference": "cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debuginfo-0:1.21.0-3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64" }, "product_reference": "cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le" }, "product_reference": "cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x" }, "product_reference": "cri-tools-debugsource-0:1.21.0-3.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-tools-debugsource-0:1.21.0-3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64" }, "product_reference": "cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le" }, "product_reference": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x" }, "product_reference": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src" }, "product_reference": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" }, "product_reference": "golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src" }, "product_reference": "openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch" }, "product_reference": "openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch" }, "product_reference": "openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch" }, "product_reference": "openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le" }, "product_reference": "prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x" }, "product_reference": "prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" }, "product_reference": "prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" }, "product_reference": "python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3248" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openstack-ironic-1:17.0.4-0.20210730151213.5b801be.el8.src", "8Base-RHOSE-4.8:openstack-ironic-api-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-common-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:openstack-ironic-conductor-1:17.0.4-0.20210730151213.5b801be.el8.noarch", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:python3-ironic-tests-1:17.0.4-0.20210730151213.5b801be.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.src", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-0:0.8.6-3.rhaos4.6.el7.x86_64", "7Server-RH7-RHOSE-4.8:containernetworking-plugins-debuginfo-0:0.8.6-3.rhaos4.6.el7.x86_64", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.src", "8Base-RHOSE-4.8:cri-tools-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debuginfo-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.ppc64le", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.s390x", "8Base-RHOSE-4.8:cri-tools-debugsource-0:1.21.0-3.el8.x86_64", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.src", "8Base-RHOSE-4.8:golang-github-prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.ppc64le", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.s390x", "8Base-RHOSE-4.8:prometheus-promu-0:0.5.0-4.git642a960.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhba-2021_2854
Vulnerability from csaf_redhat
Published
2021-07-21 17:05
Modified
2024-09-18 04:08
Summary
Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.4.6 is now available.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.4.6 is now available.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2021:2854", "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "external", "summary": "1981537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981537" }, { "category": "external", "summary": "1981794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981794" }, { "category": "external", "summary": "MIG-752", "url": "https://issues.redhat.com/browse/MIG-752" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhba-2021_2854.json" } ], "title": "Red Hat Bug Fix Advisory: Migration Toolkit for Containers (MTC) 1.4.6 release advisory", "tracking": { "current_release_date": "2024-09-18T04:08:28+00:00", "generator": { "date": "2024-09-18T04:08:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHBA-2021:2854", "initial_release_date": "2021-07-21T17:05:20+00:00", "revision_history": [ { "date": "2021-07-21T17:05:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-21T17:05:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:08:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.4", "product": { "name": "8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.4::el8" } } }, { "category": "product_name", "name": "7Server-RHMTC-1.4", "product": { "name": "7Server-RHMTC-1.4", "product_id": "7Server-RHMTC-1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.4::el7" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.4.6-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.4.6-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.4.6-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.4.6-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64 as a component of 7Server-RHMTC-1.4", "product_id": "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "relates_to_product_reference": "7Server-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64 as a component of 8Base-RHMTC-1.4", "product_id": "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64", "relates_to_product_reference": "8Base-RHMTC-1.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-25011", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956919" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in PutLE16()", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-25011" }, { "category": "external", "summary": "RHBZ#1956919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-25011", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25011" } ], "release_date": "2018-07-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in PutLE16()" }, { "acknowledgments": [ { "names": [ "the Mozilla project" ] } ], "cve": "CVE-2020-25648", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2020-10-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1887319" } ], "notes": [ { "category": "description", "text": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nss: TLS 1.3 CCS flood remote DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25648" }, { "category": "external", "summary": "RHBZ#1887319", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25648", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25648" }, { "category": "external", "summary": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes", "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nss: TLS 1.3 CCS flood remote DoS Attack" }, { "cve": "CVE-2020-25692", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2020-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1894567" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "openldap: NULL pointer dereference for unauthenticated packet in slapd", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-25692" }, { "category": "external", "summary": "RHBZ#1894567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894567" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25692", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25692" } ], "release_date": "2020-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openldap: NULL pointer dereference for unauthenticated packet in slapd" }, { "cve": "CVE-2020-26541", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2020-10-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1886285" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel in certs/blacklist.c, When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of service problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-26541" }, { "category": "external", "summary": "RHBZ#1886285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886285" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26541", "url": "https://www.cve.org/CVERecord?id=CVE-2020-26541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26541" } ], "release_date": "2020-09-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c" }, { "cve": "CVE-2020-27216", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2020-10-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1891132" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system\u0027s temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: local temporary directory hijacking vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27216" }, { "category": "external", "summary": "RHBZ#1891132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891132" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27216", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27216" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27216" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053" } ], "release_date": "2020-10-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Jetty users should create temp folders outside the normal /tmp structure, and ensure that their permissions are set so as not to be accessible by an attacker.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: local temporary directory hijacking vulnerability" }, { "cve": "CVE-2020-27218", "cwe": { "id": "CWE-226", "name": "Sensitive Information in Resource Not Removed Before Reuse" }, "discovery_date": "2020-11-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1902826" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: buffer not correctly recycled in Gzip Request inflation", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27218" }, { "category": "external", "summary": "RHBZ#1902826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902826" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27218", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27218" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8" } ], "release_date": "2020-11-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: buffer not correctly recycled in Gzip Request inflation" }, { "cve": "CVE-2020-27223", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934116" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-27223" }, { "category": "external", "summary": "RHBZ#1934116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7" } ], "release_date": "2021-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS" }, { "cve": "CVE-2020-36328", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956829" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: heap-based buffer overflow in WebPDecode*Into functions", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36328" }, { "category": "external", "summary": "RHBZ#1956829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956829" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36328", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36328" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: heap-based buffer overflow in WebPDecode*Into functions" }, { "cve": "CVE-2020-36329", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956843" } ], "notes": [ { "category": "description", "text": "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36329" }, { "category": "external", "summary": "RHBZ#1956843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956843" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36329", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36329" } ], "release_date": "2020-02-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3516", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954225" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2\u0027s xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "The only known exploitation path of this flaw is via the xmllint tool.\n\nThis flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3516" }, { "category": "external", "summary": "RHBZ#1954225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3516", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "This flaw can be mitigated by not using xmllint with the --html and --push options together.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3517", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954232" } ], "notes": [ { "category": "description", "text": "There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3517" }, { "category": "external", "summary": "RHBZ#1954232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c" }, { "acknowledgments": [ { "names": [ "zodf0055980" ], "organization": "SQLab NCTU Taiwan" } ], "cve": "CVE-2021-3518", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954242" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3518" }, { "category": "external", "summary": "RHBZ#1954242", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3518", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c" }, { "cve": "CVE-2021-3520", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1954559" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", "title": "Vulnerability description" }, { "category": "summary", "text": "lz4: memory corruption due to an integer overflow bug caused by memmove argument", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for Red Hat Enterprise Linux 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3520" }, { "category": "external", "summary": "RHBZ#1954559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3520", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3520" } ], "release_date": "2021-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "lz4: memory corruption due to an integer overflow bug caused by memmove argument" }, { "acknowledgments": [ { "names": [ "yuawn" ], "organization": "NSLab NTU Taiwan" } ], "cve": "CVE-2021-3537", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2021-05-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956522" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode", "title": "Vulnerability summary" }, { "category": "other", "text": "For the flaw to be exploitable, the document must be parsed in recovery mode and post validated (e.g.: when used in the `xmlling` tool, both `-recover` and `-postvalid` options must be used for the flaw to be exploitable)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3537" }, { "category": "external", "summary": "RHBZ#1956522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3537", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" } ], "release_date": "2021-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode" }, { "acknowledgments": [ { "names": [ "Sebastian Pipping" ] } ], "cve": "CVE-2021-3541", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1950515" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3541" }, { "category": "external", "summary": "RHBZ#1950515", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3541", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" } ], "release_date": "2021-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms" }, { "acknowledgments": [ { "names": [ "Demi M. Obenour" ] } ], "cve": "CVE-2021-20271", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2021-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1934125" } ], "notes": [ { "category": "description", "text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "rpm: Signature checks bypass via corrupted rpm package", "title": "Vulnerability summary" }, { "category": "other", "text": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20271" }, { "category": "external", "summary": "RHBZ#1934125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20271", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271" } ], "release_date": "2021-03-11T22:53:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rpm: Signature checks bypass via corrupted rpm package" }, { "cve": "CVE-2021-21642", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952146" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn\u0027t configure to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21642" }, { "category": "external", "summary": "RHBZ#1952146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952146" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21642", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21642" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21642" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204", "url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2204" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks." }, { "cve": "CVE-2021-21643", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952148" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21643" }, { "category": "external", "summary": "RHBZ#1952148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952148" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21643", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21643" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21643" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254", "url": "https://www.jenkins.io/security/advisory/2021-04-21/#SECURITY-2254" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints." }, { "cve": "CVE-2021-21644", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952151" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint which allows attackers to delete configuration files corresponding to an attacker-specified ID.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21644" }, { "category": "external", "summary": "RHBZ#1952151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952151" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21644", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21644" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21644" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability." }, { "cve": "CVE-2021-21645", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "discovery_date": "2021-04-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1952152" } ], "notes": [ { "category": "description", "text": "A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-21645" }, { "category": "external", "summary": "RHBZ#1952152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21645", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21645" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21645" } ], "release_date": "2021-04-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints." }, { "cve": "CVE-2021-27219", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1929858" } ], "notes": [ { "category": "description", "text": "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits", "title": "Vulnerability summary" }, { "category": "other", "text": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\n\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may results in integer truncation, allocating a buffer smaller than expected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27219" }, { "category": "external", "summary": "RHBZ#1929858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929858" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27219", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27219" } ], "release_date": "2021-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33034", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2021-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1961305" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33034" }, { "category": "external", "summary": "RHBZ#1961305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33034", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33034" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33034" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3" }, { "category": "external", "summary": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl", "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl" }, { "category": "external", "summary": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1", "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/migration-toolkit-for-containers/installing-mtc.html", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2854" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "product_ids": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHMTC-1.4:rhmtc/openshift-migration-operator-bundle@sha256:19f8a00034e63c8ed505b123ca224220695b043a825ffe55c32e5dd32dd05324_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-controller-rhel8@sha256:18574cc8e0805bc28bbb62724376ff468a986128d677dd23a552b3329c41858d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-log-reader-rhel8@sha256:98e3601ef0f97c3c37ebc67a6f4af8ad5cd6d83596e3b120c9561b0b09d82ccf_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-must-gather-rhel8@sha256:ae2595c2aea186fce5ee5fdbd178ed26965bd421cc834a9ec2d162f4287add9d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-registry-rhel8@sha256:6c179703e3c9e1108a9265333834a24037f0f8142d9438fe2197c12b9eb4de0f_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2c57a210641957a02149b5dcf96daab44cf7f35b57faf35e5b10bcafdb1091d9_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-ui-rhel8@sha256:ad6c9ecd4ebb45f7cdbfa1e3f750594f374845a4f4f2cad69007898e2953734d_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5c8e274d5821db1c6483b7c01549a265970ae7b0de23ac6faa2d354d566bdc39_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3f486a14a1ea60f70116dd8791e0258cfc86e42948cb4aaeca56243bf37fe867_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:4791f41741a2c701549791014c4e02431dd21f2358bc08141e405ba954b19e65_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:12e9ea1273dd504e03a2034665141f7fc32bfef1117232c088f282916fef46fb_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-migration-velero-rhel8@sha256:47c7e9b2d4ef258a4551cfd55ae2a3c92fdb0a83f238e8ad2b404f1b834fd4a0_amd64", "8Base-RHMTC-1.4:rhmtc/openshift-velero-plugin-rhel8@sha256:6a360caa1ec8818d3c78d16709a8930a2c4fa696c15e557e2939de50e35859f1_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan" } ] }
rhsa-2021_5072
Vulnerability from csaf_redhat
Published
2021-12-09 20:19
Modified
2024-09-18 04:21
Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
Notes
Topic
An update for etcd is now available for Red Hat OpenStack Platform 16.1
(Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
A highly-available key value store for shared configuration
Security Fix(es):
* net/http: panic in ReadRequest and ReadResponse when reading a very large
header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for etcd is now available for Red Hat OpenStack Platform 16.1\n(Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* net/http: panic in ReadRequest and ReadResponse when reading a very large\nheader (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:5072", "url": "https://access.redhat.com/errata/RHSA-2021:5072" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_5072.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update", "tracking": { "current_release_date": "2024-09-18T04:21:14+00:00", "generator": { "date": "2024-09-18T04:21:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:5072", "initial_release_date": "2021-12-09T20:19:15+00:00", "revision_history": [ { "date": "2021-12-09T20:19:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-12-09T20:19:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:21:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenStack Platform 16.1", "product": { "name": "Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenStack Platform" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.src", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.src", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-3.1.el8ost.1?arch=x86_64" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product_id": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-3.1.el8ost.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd@3.3.23-3.1.el8ost.1?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-3.1.el8ost.1?arch=ppc64le" } } }, { "category": "product_version", "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product_id": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-3.1.el8ost.1?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.src as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.src", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le" }, "product_reference": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "relates_to_product_reference": "8Base-RHOS-16.1" }, { "category": "default_component_of", "full_product_name": { "name": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64 as a component of Red Hat OpenStack Platform 16.1", "product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" }, "product_reference": "etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64", "relates_to_product_reference": "8Base-RHOS-16.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:5072" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:5072" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:5072" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:5072" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.src", "8Base-RHOS-16.1:etcd-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-3.1.el8ost.1.x86_64", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.ppc64le", "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-3.1.el8ost.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" } ] }
rhsa-2021_2543
Vulnerability from csaf_redhat
Published
2021-06-24 15:19
Modified
2024-09-18 04:18
Summary
Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update
Notes
Topic
An update is now available for Red Hat OpenShift Jaeger 1.20.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
tailored for installation into an on-premise OpenShift Container Platform
installation.
Security Fix(es):
* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* nodejs-lodash: command injection via template (CVE-2021-23337)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Jaeger 1.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2543", "url": "https://access.redhat.com/errata/RHSA-2021:2543" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "1928172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172" }, { "category": "external", "summary": "1928937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" }, { "category": "external", "summary": "1928954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2543.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update", "tracking": { "current_release_date": "2024-09-18T04:18:23+00:00", "generator": { "date": "2024-09-18T04:18:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:2543", "initial_release_date": "2021-06-24T15:19:30+00:00", "revision_history": [ { "date": "2021-06-24T15:19:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-24T15:19:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:18:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Jaeger 1.20", "product": { "name": "Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20", "product_identification_helper": { "cpe": "cpe:/a:redhat:jaeger:1.20::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Jaeger" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-13949", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928172" } ], "notes": [ { "category": "description", "text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libthrift: potential DoS when processing untrusted payloads", "title": "Vulnerability summary" }, { "category": "other", "text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13949" }, { "category": "external", "summary": "RHBZ#1928172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libthrift: potential DoS when processing untrusted payloads" }, { "cve": "CVE-2020-28362", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-11-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1897635" } ], "notes": [ { "category": "description", "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: panic during recursive division of very large numbers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28362" }, { "category": "external", "summary": "RHBZ#1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362" } ], "release_date": "2020-11-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: panic during recursive division of very large numbers" }, { "cve": "CVE-2020-28500", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928954" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28500" }, { "category": "external", "summary": "RHBZ#1928954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905" } ], "release_date": "2021-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions" }, { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1918750" } ], "notes": [ { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "RHBZ#1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" } ], "release_date": "2021-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-23337", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2021-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928937" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: command injection via template", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23337" }, { "category": "external", "summary": "RHBZ#1928937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724" } ], "release_date": "2021-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-lodash: command injection via template" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
rhsa-2022_0577
Vulnerability from csaf_redhat
Published
2022-03-28 09:34
Modified
2024-09-18 14:40
Summary
Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
Notes
Topic
The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0577", "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1913333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" }, { "category": "external", "summary": "1913338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" }, { "category": "external", "summary": "1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1990573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990573" }, { "category": "external", "summary": "1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "1992841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992841" }, { "category": "external", "summary": "1994859", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994859" }, { "category": "external", "summary": "1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "2000772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000772" }, { "category": "external", "summary": "2001547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001547" }, { "category": "external", "summary": "2002961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002961" }, { "category": "external", "summary": "2005360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005360" }, { "category": "external", "summary": "2008601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008601" }, { "category": "external", "summary": "2015772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015772" }, { "category": "external", "summary": "2032048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032048" }, { "category": "external", "summary": "WINC-747", "url": "https://issues.redhat.com/browse/WINC-747" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0577.json" } ], "title": "Red Hat Security Advisory: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]", "tracking": { "current_release_date": "2024-09-18T14:40:51+00:00", "generator": { "date": "2024-09-18T14:40:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:0577", "initial_release_date": "2022-03-28T09:34:15+00:00", "revision_history": [ { "date": "2022-03-28T09:34:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-03-28T09:34:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T14:40:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "product_id": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle\u0026tag=v5.0.0-5" } } }, { "category": "product_version", "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64", "product": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64", "product_id": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64", "product_identification_helper": { "purl": "pkg:oci/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift4-wincw/windows-machine-config-rhel8-operator\u0026tag=5.0.0-5" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" }, "product_reference": "openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64", "relates_to_product_reference": "8Base-RHOSE-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-28851", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913333" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension", "title": "Vulnerability summary" }, { "category": "other", "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28851" }, { "category": "external", "summary": "RHBZ#1913333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28851" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851" } ], "release_date": "2021-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension" }, { "cve": "CVE-2020-28852", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913338" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", "title": "Vulnerability summary" }, { "category": "other", "text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28852" }, { "category": "external", "summary": "RHBZ#1913338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28852" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852" } ], "release_date": "2021-01-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag" }, { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1921650" } ], "notes": [ { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "RHBZ#1921650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" } ], "release_date": "2021-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "cve": "CVE-2021-29923", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992006" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29923" }, { "category": "external", "summary": "RHBZ#1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923" }, { "category": "external", "summary": "https://sick.codes/sick-2021-016/", "url": "https://sick.codes/sick-2021-016/" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" }, { "cve": "CVE-2021-36221", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2021-08-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995656" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36221" }, { "category": "external", "summary": "RHBZ#1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk", "url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0577" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-operator-bundle@sha256:e6ad3e6e043aeeebc84da2071ca26bb1e89c071598b5088a8a7f237626491072_amd64", "8Base-RHOSE-4.10:openshift4-wincw/windows-machine-config-rhel8-operator@sha256:31af4d44c7cc4e00219a99451ce2e3523cdba90d575d58979ae1355c4350b6fe_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic" } ] }
rhba-2021_2979
Vulnerability from csaf_redhat
Published
2021-08-11 05:14
Modified
2024-09-18 04:08
Summary
Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.23 is now available with
updates to packages and images that fix several bugs.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.23. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHSA-2021:2977
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.7.23 is now available with\nupdates to packages and images that fix several bugs.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.7.23. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2977\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2021:2979", "url": "https://access.redhat.com/errata/RHBA-2021:2979" }, { "category": "external", "summary": "1988937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988937" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhba-2021_2979.json" } ], "title": "Red Hat Bug Fix Advisory: OpenShift Container Platform 4.7.23 packages update", "tracking": { "current_release_date": "2024-09-18T04:08:35+00:00", "generator": { "date": "2024-09-18T04:08:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHBA-2021:2979", "initial_release_date": "2021-08-11T05:14:36+00:00", "revision_history": [ { "date": "2021-08-11T05:14:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-11T05:14:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:08:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.7", "product": { "name": "Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.7::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=src" } } }, { "category": "product_version", "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "product": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "product": { "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "redhat-release-coreos-0:47.84-1.el8.src", "product": { "name": "redhat-release-coreos-0:47.84-1.el8.src", "product_id": "redhat-release-coreos-0:47.84-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "product": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "product": { "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "product_id": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "product": { "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "redhat-release-coreos-0:47.84-1.el8.x86_64", "product": { "name": "redhat-release-coreos-0:47.84-1.el8.x86_64", "product_id": "redhat-release-coreos-0:47.84-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "product": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "redhat-release-coreos-0:47.84-1.el8.ppc64le", "product": { "name": "redhat-release-coreos-0:47.84-1.el8.ppc64le", "product_id": "redhat-release-coreos-0:47.84-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_id": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_id": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_id": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.4-7.rhaos4.7.git6287500.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_id": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_id": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_id": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_id": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_id": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-4.rhaos4.7.git1d56dc8.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202107292242.p0.git.558d959.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "redhat-release-coreos-0:47.84-1.el8.s390x", "product": { "name": "redhat-release-coreos-0:47.84-1.el8.s390x", "product_id": "redhat-release-coreos-0:47.84-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-coreos@47.84-1.el8?arch=s390x" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "product": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "product_id": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product": { "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product_id": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product": { "name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product_id": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch" }, "product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src" }, "product_reference": "openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch" }, "product_reference": "openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x" }, "product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src" }, "product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64" }, "product_reference": "cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le" }, "product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x" }, "product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src" }, "product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" }, "product_reference": "ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le" }, "product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x" }, "product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" }, "product_reference": "ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le" }, "product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x" }, "product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" }, "product_reference": "ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le" }, "product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x" }, "product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" }, "product_reference": "ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-coreos-0:47.84-1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le" }, "product_reference": "redhat-release-coreos-0:47.84-1.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-coreos-0:47.84-1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x" }, "product_reference": "redhat-release-coreos-0:47.84-1.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-coreos-0:47.84-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src" }, "product_reference": "redhat-release-coreos-0:47.84-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-coreos-0:47.84-1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7", "product_id": "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" }, "product_reference": "redhat-release-coreos-0:47.84-1.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2979" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2979" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2979" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2979" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2021:2979" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202107292046.p0.git.e1b19c2.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202107291238.p0.git.c7654fb.assembly.stream.el8.noarch", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.src", "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el7.x86_64", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202107291238.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.src", "8Base-RHOSE-4.7:cri-o-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.ppc64le", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.s390x", "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.4-7.rhaos4.7.git6287500.el8.x86_64", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.src", "8Base-RHOSE-4.7:ignition-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.ppc64le", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.s390x", "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-4.rhaos4.7.git1d56dc8.el8.x86_64", "8Base-RHOSE-4.7:openshift-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.src", "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202107292242.p0.git.8b4b094.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.s390x", "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202107292242.p0.git.558d959.assembly.stream.el8.x86_64", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.ppc64le", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.s390x", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.src", "8Base-RHOSE-4.7:redhat-release-coreos-0:47.84-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_2984
Vulnerability from csaf_redhat
Published
2021-08-10 07:52
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.4 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.4 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2021:2983
Security Fix(es):
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.8.4 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:2983\n\nSecurity Fix(es):\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2984", "url": "https://access.redhat.com/errata/RHSA-2021:2984" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1988945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988945" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2984.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.4 bug fix and security update", "tracking": { "current_release_date": "2024-09-18T04:19:21+00:00", "generator": { "date": "2024-09-18T04:19:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:2984", "initial_release_date": "2021-08-10T07:52:56+00:00", "revision_history": [ { "date": "2021-08-10T07:52:56+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-10T07:52:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.8", "product": { "name": "Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.8::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "ignition-0:2.9.0-7.rhaos4.8.el8.src", "product": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.src", "product_id": "ignition-0:2.9.0-7.rhaos4.8.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-7.rhaos4.8.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "product": { "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "product_id": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "product": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "product_id": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "product": { "name": "openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "product_id": "openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr@4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "product": { "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "product_id": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "product": { "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "product_id": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "product": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_id": "ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-7.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "product": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_id": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-7.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "product": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_id": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-7.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_id": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-7.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_id": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-7.rhaos4.8.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_id": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "product": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "product_id": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-8.rhaos4.8.git8d4264e.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_id": "ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-7.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_id": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-7.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_id": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-7.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_id": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-7.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_id": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-7.rhaos4.8.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product_id": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "product": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "product_id": "ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition@2.9.0-7.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "product": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "product_id": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-7.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "product": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "product_id": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-7.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product_id": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-7.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product_id": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-7.rhaos4.8.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_id": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_id": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_id": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.2-8.rhaos4.8.git8d4264e.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "product": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "product_id": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product": { "name": "openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_id": "openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product": { "name": "python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_id": "python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product": { "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product_id": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product": { "name": "openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product_id": "openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-test@4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch" }, "product_reference": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src" }, "product_reference": "openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch" }, "product_reference": "openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le" }, "product_reference": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x" }, "product_reference": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src" }, "product_reference": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64" }, "product_reference": "cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le" }, "product_reference": "ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x" }, "product_reference": "ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src" }, "product_reference": "ignition-0:2.9.0-7.rhaos4.8.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-0:2.9.0-7.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64" }, "product_reference": "ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le" }, "product_reference": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x" }, "product_reference": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64" }, "product_reference": "ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le" }, "product_reference": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x" }, "product_reference": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64" }, "product_reference": "ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le" }, "product_reference": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x" }, "product_reference": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64" }, "product_reference": "ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64" }, "product_reference": "ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src" }, "product_reference": "openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" }, "product_reference": "openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8", "product_id": "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" }, "product_reference": "python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2984" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202107292023.p0.git.626f7a3.assembly.stream.el7.noarch", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.src", "8Base-RHOSE-4.8:atomic-openshift-service-idler-0:4.8.0-202107291413.p0.git.39cfc66.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-kuryr-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-kuryr-cni-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-common-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:openshift-kuryr-controller-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch", "8Base-RHOSE-4.8:python3-kuryr-kubernetes-0:4.8.0-202107291413.p0.git.8a4c2d8.assembly.stream.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.src", "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el7.x86_64", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.src", "8Base-RHOSE-4.8:cri-o-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.ppc64le", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.s390x", "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.2-8.rhaos4.8.git8d4264e.el8.x86_64", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.src", "8Base-RHOSE-4.8:ignition-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-debugsource-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.ppc64le", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.s390x", "8Base-RHOSE-4.8:ignition-validate-debuginfo-0:2.9.0-7.rhaos4.8.el8.x86_64", "8Base-RHOSE-4.8:openshift-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.src", "8Base-RHOSE-4.8:openshift-clients-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-clients-redistributable-0:4.8.0-202107292313.p0.git.1077b05.assembly.stream.el8.x86_64", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.s390x", "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202107300027.p0.git.38b3ecc.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_3555
Vulnerability from csaf_redhat
Published
2021-09-16 15:24
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.17.0
Notes
Topic
Release of OpenShift Serverless Client kn 1.17.0
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Security Fix(es):
* serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 (CVE-2021-3703)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic
(CVE-2021-34558)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Release of OpenShift Serverless Client kn 1.17.0\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 (CVE-2021-3703)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n(CVE-2021-34558)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3555", "url": "https://access.redhat.com/errata/RHSA-2021:3555" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1983656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983656" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1992955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3555.json" } ], "title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.17.0", "tracking": { "current_release_date": "2024-09-18T04:20:01+00:00", "generator": { "date": "2024-09-18T04:20:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3555", "initial_release_date": "2021-09-16T15:24:35+00:00", "revision_history": [ { "date": "2021-09-16T15:24:35+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-09-16T15:24:35+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Serverless 1.0", "product": { "name": "Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:serverless:1.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Serverless" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.23.2-1.el8.src", "product": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.src", "product_id": "openshift-serverless-clients-0:0.23.2-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.23.2-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.23.2-1.el8.x86_64", "product": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.x86_64", "product_id": "openshift-serverless-clients-0:0.23.2-1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.23.2-1.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "product": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "product_id": "openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.23.2-1.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-clients-0:0.23.2-1.el8.s390x", "product": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.s390x", "product_id": "openshift-serverless-clients-0:0.23.2-1.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-serverless-clients@0.23.2-1.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le" }, "product_reference": "openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.s390x as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x" }, "product_reference": "openshift-serverless-clients-0:0.23.2-1.el8.s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.src as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src" }, "product_reference": "openshift-serverless-clients-0:0.23.2-1.el8.src", "relates_to_product_reference": "8Base-Openshift-Serverless-1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-clients-0:0.23.2-1.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0", "product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" }, "product_reference": "openshift-serverless-clients-0:0.23.2-1.el8.x86_64", "relates_to_product_reference": "8Base-Openshift-Serverless-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3703", "discovery_date": "2021-08-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992955" } ], "notes": [ { "category": "description", "text": "CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed for Serverless 1.16.0 and Serverless client kn 1.16.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196", "title": "Vulnerability summary" }, { "category": "other", "text": "The flaw is moderate as the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 are moderate. The score is assigned as per the highest score given in CVE-2021-27918 and CVE-2021-33196.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3703" }, { "category": "external", "summary": "RHBZ#1992955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992955" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3703", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3703" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3703", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3703" } ], "release_date": "2021-09-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196" }, { "cve": "CVE-2021-27918", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937901" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27918" }, { "category": "external", "summary": "RHBZ#1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw", "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3555" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.ppc64le", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.s390x", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.src", "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:0.23.2-1.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2022_0308
Vulnerability from csaf_redhat
Published
2022-01-27 13:14
Modified
2024-09-18 04:21
Summary
Red Hat Security Advisory: OpenShift Container Storage 3.11.z security and bug fix update
Notes
Topic
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 9 in the Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The OpenShift Container Storage solution provides persistent storage
service for OpenShift Containers and OpenShift Infrastructure services.
Security Fix(es):
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* With this update, the Heketi packages are upgraded to upstream version 10.4.0. (BZ#2012287)
All users of OpenShift Container Storage 3.11 are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 9 in the Red Hat Container Registry.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The OpenShift Container Storage solution provides persistent storage\nservice for OpenShift Containers and OpenShift Infrastructure services.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* With this update, the Heketi packages are upgraded to upstream version 10.4.0. (BZ#2012287)\n\nAll users of OpenShift Container Storage 3.11 are advised to upgrade to these updated packages, which fix these bugs.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0308", "url": "https://access.redhat.com/errata/RHSA-2022:0308" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1979199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979199" }, { "category": "external", "summary": "2012287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012287" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0308.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Storage 3.11.z security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:21:14+00:00", "generator": { "date": "2024-09-18T04:21:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:0308", "initial_release_date": "2022-01-27T13:14:43+00:00", "revision_history": [ { "date": "2022-01-27T13:14:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-27T13:14:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:21:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Gluster Storage Server 3.5 on RHEL-7", "product": { "name": "Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server", "product_identification_helper": { "cpe": "cpe:/a:redhat:storage:3.5:server:el7" } } }, { "category": "product_name", "name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Storage Native Client for Red Hat Enterprise Linux 7", "product_id": "7Server-RHSClient", "product_identification_helper": { "cpe": "cpe:/a:redhat:storage:3:client:el7" } } } ], "category": "product_family", "name": "Red Hat Gluster Storage" }, { "branches": [ { "category": "product_version", "name": "heketi-0:10.4.0-2.el7rhgs.src", "product": { "name": "heketi-0:10.4.0-2.el7rhgs.src", "product_id": "heketi-0:10.4.0-2.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/heketi@10.4.0-2.el7rhgs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "heketi-0:10.4.0-2.el7rhgs.x86_64", "product": { "name": "heketi-0:10.4.0-2.el7rhgs.x86_64", "product_id": "heketi-0:10.4.0-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/heketi@10.4.0-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "heketi-client-0:10.4.0-2.el7rhgs.x86_64", "product": { "name": "heketi-client-0:10.4.0-2.el7rhgs.x86_64", "product_id": "heketi-client-0:10.4.0-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/heketi-client@10.4.0-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "python-heketi-0:10.4.0-2.el7rhgs.x86_64", "product": { "name": "python-heketi-0:10.4.0-2.el7rhgs.x86_64", "product_id": "python-heketi-0:10.4.0-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-heketi@10.4.0-2.el7rhgs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "heketi-0:10.4.0-2.el7rhgs.src as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src" }, "product_reference": "heketi-0:10.4.0-2.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "heketi-0:10.4.0-2.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64" }, "product_reference": "heketi-0:10.4.0-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "heketi-client-0:10.4.0-2.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64" }, "product_reference": "heketi-client-0:10.4.0-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "python-heketi-0:10.4.0-2.el7rhgs.x86_64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64" }, "product_reference": "python-heketi-0:10.4.0-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "heketi-0:10.4.0-2.el7rhgs.src as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7", "product_id": "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src" }, "product_reference": "heketi-0:10.4.0-2.el7rhgs.src", "relates_to_product_reference": "7Server-RHSClient" }, { "category": "default_component_of", "full_product_name": { "name": "heketi-client-0:10.4.0-2.el7rhgs.x86_64 as a component of Red Hat Storage Native Client for Red Hat Enterprise Linux 7", "product_id": "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" }, "product_reference": "heketi-client-0:10.4.0-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RHSClient" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1918750" } ], "notes": [ { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "RHBZ#1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" } ], "release_date": "2021-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0308" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0308" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RH-Gluster-3.5-Server:heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:heketi-client-0:10.4.0-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-Server:python-heketi-0:10.4.0-2.el7rhgs.x86_64", "7Server-RHSClient:heketi-0:10.4.0-2.el7rhgs.src", "7Server-RHSClient:heketi-client-0:10.4.0-2.el7rhgs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
rhsa-2021_3076
Vulnerability from csaf_redhat
Published
2021-08-10 16:13
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update
Notes
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)
Security Fix(es):
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)
* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nThe following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)\n\n* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3076", "url": "https://access.redhat.com/errata/RHSA-2021:3076" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_go_1.15.7_toolset", "url": "https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_go_1.15.7_toolset" }, { "category": "external", "summary": "1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "1978567", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978567" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3076.json" } ], "title": "Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-09-18T04:19:28+00:00", "generator": { "date": "2024-09-18T04:19:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3076", "initial_release_date": "2021-08-10T16:13:22+00:00", "revision_history": [ { "date": "2021-08-10T16:13:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-10T16:13:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "go-toolset:rhel8:8040020210716085908:5081a262", "product": { "name": "go-toolset:rhel8:8040020210716085908:5081a262", "product_id": "go-toolset:rhel8:8040020210716085908:5081a262", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/go-toolset@rhel8:8040020210716085908:5081a262" } } }, { "category": "product_version", "name": "golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product": { "name": "golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_id": "golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-docs@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=noarch" } } }, { "category": "product_version", "name": "golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product": { "name": "golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_id": "golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-misc@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=noarch" } } }, { "category": "product_version", "name": "golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product": { "name": "golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_id": "golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-src@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=noarch" } } }, { "category": "product_version", "name": "golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product": { "name": "golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_id": "golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-tests@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_id": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=aarch64" } } }, { "category": "product_version", "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_id": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=aarch64" } } }, { "category": "product_version", "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_id": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product_id": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=src" } } }, { "category": "product_version", "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product_id": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=src" } } }, { "category": "product_version", "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "product": { "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "product_id": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve@1.5.0-2.module%2Bel8.4.0%2B8864%2B58b0fcdb?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_id": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_id": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=ppc64le" } } }, { "category": "product_version", "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_id": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_id": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=s390x" } } }, { "category": "product_version", "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_id": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=s390x" } } }, { "category": "product_version", "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_id": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product": { "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_id": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve@1.5.0-2.module%2Bel8.4.0%2B8864%2B58b0fcdb?arch=x86_64" } } }, { "category": "product_version", "name": "delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product": { "name": "delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_id": "delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve-debuginfo@1.5.0-2.module%2Bel8.4.0%2B8864%2B58b0fcdb?arch=x86_64" } } }, { "category": "product_version", "name": "delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product": { "name": "delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_id": "delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/delve-debugsource@1.5.0-2.module%2Bel8.4.0%2B8864%2B58b0fcdb?arch=x86_64" } } }, { "category": "product_version", "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_id": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/go-toolset@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=x86_64" } } }, { "category": "product_version", "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_id": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=x86_64" } } }, { "category": "product_version", "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_id": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-bin@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=x86_64" } } }, { "category": "product_version", "name": "golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product": { "name": "golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_id": "golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-race@1.15.14-1.module%2Bel8.4.0%2B11833%2B614b07b8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, "product_reference": "go-toolset:rhel8:8040020210716085908:5081a262", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src" }, "product_reference": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64" }, "product_reference": "delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64" }, "product_reference": "delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64" }, "product_reference": "delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64" }, "product_reference": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le" }, "product_reference": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x" }, "product_reference": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src" }, "product_reference": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64" }, "product_reference": "go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64" }, "product_reference": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le" }, "product_reference": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x" }, "product_reference": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src" }, "product_reference": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64" }, "product_reference": "golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64" }, "product_reference": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le" }, "product_reference": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x" }, "product_reference": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64" }, "product_reference": "golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" }, "product_reference": "golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" }, "product_reference": "golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64 as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64" }, "product_reference": "golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" }, "product_reference": "golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" }, { "category": "default_component_of", "full_product_name": { "name": "golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch as a component of go-toolset:rhel8:8040020210716085908:5081a262 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" }, "product_reference": "golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27918", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937901" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27918" }, { "category": "external", "summary": "RHBZ#1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw", "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3076" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3076" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3076" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3076" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debuginfo-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:delve-debugsource-0:1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:go-toolset-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.src", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.aarch64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.ppc64le", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.s390x", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-bin-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-docs-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-misc-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-race-0:1.15.14-1.module+el8.4.0+11833+614b07b8.x86_64", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-src-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch", "AppStream-8.4.0.Z.MAIN.EUS:go-toolset:rhel8:8040020210716085908:5081a262:golang-tests-0:1.15.14-1.module+el8.4.0+11833+614b07b8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_3748
Vulnerability from csaf_redhat
Published
2021-10-07 14:17
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update
Notes
Topic
Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.
Security Fix(es):
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of OpenShift Container Storage 3.11 container images are advised to pull these updated images from the Red Hat Container Registry.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated container images that fix various bugs are now available for Red Hat OpenShift Container Storage 3.11 Update 8 in the Red Hat Container Registry.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll users of OpenShift Container Storage 3.11 container images are advised to pull these updated images from the Red Hat Container Registry.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3748", "url": "https://access.redhat.com/errata/RHSA-2021:3748" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "1957321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957321" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1987163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987163" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3748.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update", "tracking": { "current_release_date": "2024-09-18T04:19:45+00:00", "generator": { "date": "2024-09-18T04:19:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:3748", "initial_release_date": "2021-10-07T14:17:37+00:00", "revision_history": [ { "date": "2021-10-07T14:17:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-10-07T14:17:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Gluster Storage Server 3.5 on RHEL-7", "product": { "name": "Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server", "product_identification_helper": { "cpe": "cpe:/a:redhat:storage:3.5:server:el7" } } } ], "category": "product_family", "name": "Red Hat Gluster Storage" }, { "branches": [ { "category": "product_version", "name": "rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64", "product": { "name": "rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64", "product_id": "rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64", "product_identification_helper": { "purl": "pkg:oci/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648?arch=amd64\u0026repository_url=registry.redhat.io/rhgs3/rhgs-gluster-block-prov-rhel7\u0026tag=3.11.8-1" } } }, { "category": "product_version", "name": "rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "product": { "name": "rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "product_id": "rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "product_identification_helper": { "purl": "pkg:oci/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820?arch=amd64\u0026repository_url=registry.redhat.io/rhgs3/rhgs-server-rhel7\u0026tag=3.11.8-3" } } }, { "category": "product_version", "name": "rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64", "product": { "name": "rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64", "product_id": "rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64", "product_identification_helper": { "purl": "pkg:oci/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972?arch=amd64\u0026repository_url=registry.redhat.io/rhgs3/rhgs-volmanager-rhel7\u0026tag=3.11.8-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" }, "product_reference": "rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64" }, "product_reference": "rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" }, { "category": "default_component_of", "full_product_name": { "name": "rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64 as a component of Red Hat Gluster Storage Server 3.5 on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64" }, "product_reference": "rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1918750" } ], "notes": [ { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "RHBZ#1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" } ], "release_date": "2021-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-server-rhel7@sha256:b8b6c480ad5d74ffd872abf3d741bff2d4d196f7dc01856fb67959f48407c820_amd64", "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-volmanager-rhel7@sha256:e82d5d88395a3ac3577804b5ac1c6a5bbbfe49eb224ffe9acd8996442bdc4972_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3748" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-Server:rhgs3/rhgs-gluster-block-prov-rhel7@sha256:37acd6bfc91127d8b50447e7db190fbaea5241b031c8829e4faeac44c3fb6648_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
rhsa-2021_3759
Vulnerability from csaf_redhat
Published
2021-10-18 17:26
Modified
2021-10-18 17:26
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.9.0 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:3758
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)
* sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)
* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
* nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* helm: information disclosure vulnerability (CVE-2021-32690)
* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le
The image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.0. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2021:3758\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation (CVE-2021-26539)\n\n* sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element (CVE-2021-26540)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string (CVE-2021-29059)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-x86_64\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-s390x\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.0-ppc64le\n\nThe image digest is sha256:d262a12de33125907e0b75a5ea34301dd27c4a6bde8295f6b922411f07623e61\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3759", "url": "https://access.redhat.com/errata/RHSA-2021:3759" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_3759.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.0 bug fix and security update", "tracking": { "current_release_date": "2021-10-18T17:26:00Z", "generator": { "date": "2023-07-01T05:08:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2021:3759", "initial_release_date": "2021-10-18T17:26:00Z", "revision_history": [ { "date": "2021-10-18T17:26:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "product": { "name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "product_id": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "product": { "name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "product_id": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream" } }, { "category": "product_version", "name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "product": { "name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "product_id": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream" } }, { "category": "product_version", "name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "product": { "name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "product_id": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "product": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "product_id": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "product": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "product_id": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "product": { "name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "product_id": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "product": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "product_id": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "product_id": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "product": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "product_id": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "product": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "product_id": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "product": { "name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "product_id": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product_id": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "product": { "name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "product_id": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "product": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "product_id": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "product": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "product_id": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "product": { "name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "product_id": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "product": { "name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "product_id": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "product": { "name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "product_id": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "product": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "product_id": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "product": { "name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "product_id": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "product": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "product_id": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "product": { "name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "product_id": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "product": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "product_id": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "product": { "name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "product_id": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "product": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "product_id": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "product": { "name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "product_id": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "product": { "name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "product_id": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "product_id": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "product_id": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "product_id": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "product": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "product_id": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "product": { "name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "product_id": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "product": { "name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "product_id": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "product": { "name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "product_id": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "product": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "product_id": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "product": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "product_id": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "product": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "product_id": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "product": { "name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "product_id": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "product": { "name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "product_id": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "product": { "name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "product_id": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "product": { "name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "product_id": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "product": { "name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "product_id": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "product": { "name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "product_id": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "product": { "name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "product_id": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "product": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "product_id": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "product": { "name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "product_id": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product_id": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "product": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "product_id": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "product": { "name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "product_id": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "product": { "name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "product_id": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product": { "name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product_id": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "product_id": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "product": { "name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "product_id": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "product": { "name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "product_id": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "product": { "name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "product_id": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "product": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "product_id": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "product": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "product_id": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "product": { "name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "product_id": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "product": { "name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "product_id": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "product": { "name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "product_id": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "product": { "name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "product_id": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product": { "name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product_id": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product": { "name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "product_id": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "product": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "product_id": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "product": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "product_id": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "product": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "product_id": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "product": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "product_id": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "product": { "name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "product_id": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "product": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "product_id": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "product_id": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product": { "name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "product_id": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "product": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "product_id": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "product": { "name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "product_id": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "product": { "name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "product_id": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "product": { "name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "product_id": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "product": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "product_id": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "product": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "product_id": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "product": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "product_id": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "product": { "name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "product_id": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "product": { "name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "product_id": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "product": { "name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "product_id": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "product": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "product_id": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "product": { "name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "product_id": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "product": { "name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "product_id": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "product": { "name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "product_id": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "product": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "product_id": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "product": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "product_id": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "product": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "product_id": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "product": { "name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "product_id": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "product": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "product_id": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "product": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "product_id": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "product": { "name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "product_id": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "product": { "name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "product_id": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "product": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "product_id": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "product": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "product_id": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "product": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "product_id": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product_id": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "product_id": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "product": { "name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "product_id": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "product": { "name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "product_id": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "product": { "name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "product_id": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "product": { "name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "product_id": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "product": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "product_id": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "product": { "name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "product_id": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "product": { "name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "product_id": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "product": { "name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "product_id": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "product": { "name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "product_id": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "product": { "name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "product_id": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "product": { "name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "product_id": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "product": { "name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "product_id": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "product": { "name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "product_id": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "product": { "name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "product_id": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "product": { "name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "product_id": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "product": { "name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "product_id": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "product": { "name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "product_id": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "product": { "name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "product_id": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product": { "name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "product_id": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product_id": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "product_id": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "product": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "product_id": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream" } }, { "category": "product_version", "name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream", "product": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream", "product_id": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream" }, "product_reference": "openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream" }, "product_reference": "openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream" }, "product_reference": "openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream" }, "product_reference": "openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream" }, "product_reference": "openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream" }, "product_reference": "openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream" }, "product_reference": "openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream" }, "product_reference": "openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream" }, "product_reference": "openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream" }, "product_reference": "openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream" }, "product_reference": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream" }, "product_reference": "openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream" }, "product_reference": "openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream" }, "product_reference": "openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream" }, "product_reference": "openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream" }, "product_reference": "openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream" }, "product_reference": "openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream" }, "product_reference": "openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream" }, "product_reference": "openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream" }, "product_reference": "openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream" }, "product_reference": "openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream" }, "product_reference": "openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream" }, "product_reference": "openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream" }, "product_reference": "openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream" }, "product_reference": "openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream" }, "product_reference": "openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream" }, "product_reference": "openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream" }, "product_reference": "openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream" }, "product_reference": "openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream" }, "product_reference": "openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream" }, "product_reference": "openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8 as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8" }, "product_reference": "openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream" }, "product_reference": "openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream" }, "product_reference": "openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream" }, "product_reference": "openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" }, "product_reference": "openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream" }, "product_reference": "openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream" }, "product_reference": "openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream" }, "product_reference": "openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" }, "product_reference": "openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream" }, "product_reference": "openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream" }, "product_reference": "openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream" }, "product_reference": "openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream" }, "product_reference": "openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream" }, "product_reference": "openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream" }, "product_reference": "openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" }, "product_reference": "openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream" }, "product_reference": "openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream" }, "product_reference": "openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream" }, "product_reference": "openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream" }, "product_reference": "openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream" }, "product_reference": "openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream" }, "product_reference": "openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream" }, "product_reference": "openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream" }, "product_reference": "openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream" }, "product_reference": "openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream" }, "product_reference": "openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream" }, "product_reference": "openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream" }, "product_reference": "openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream" }, "product_reference": "openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream" }, "product_reference": "openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream" }, "product_reference": "openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream" }, "product_reference": "openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream" }, "product_reference": "openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream" }, "product_reference": "openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream" }, "product_reference": "openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream" }, "product_reference": "openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream" }, "product_reference": "openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream" }, "product_reference": "openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream" }, "product_reference": "openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream" }, "product_reference": "openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream" }, "product_reference": "openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream" }, "product_reference": "openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream" }, "product_reference": "openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream" }, "product_reference": "openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream" }, "product_reference": "openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream" }, "product_reference": "openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream" }, "product_reference": "openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream" }, "product_reference": "openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream" }, "product_reference": "openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream" }, "product_reference": "openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream" }, "product_reference": "openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream" }, "product_reference": "openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream" }, "product_reference": "openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream" }, "product_reference": "openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream" }, "product_reference": "openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream" }, "product_reference": "openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream" }, "product_reference": "openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" }, "product_reference": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream" }, "product_reference": "openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream" }, "product_reference": "openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream" }, "product_reference": "openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream" }, "product_reference": "openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream" }, "product_reference": "openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream" }, "product_reference": "openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" }, "product_reference": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream" }, "product_reference": "openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" }, "product_reference": "openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream", "relates_to_product_reference": "8Base-RHOSE-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-3121", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "discovery_date": "2021-01-28T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121" }, { "category": "external", "summary": "CVE-2021-3121", "url": "https://access.redhat.com/security/cve/CVE-2021-3121" }, { "category": "external", "summary": "bz#1921650: CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650" } ], "release_date": "2021-01-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-01-28T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation" }, { "cve": "CVE-2021-26539", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-08T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the \"allowedIframeHostnames\" option.", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26539", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26539" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26539" }, { "category": "external", "summary": "CVE-2021-26539", "url": "https://access.redhat.com/security/cve/CVE-2021-26539" }, { "category": "external", "summary": "bz#1932362: CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932362" } ], "release_date": "2021-01-22T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-08T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation" }, { "cve": "CVE-2021-26540", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-02-08T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the \"allowedIframeHostnames\" option when the \"allowIframeRelativeUrls\" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with \"/\\\\example.com\".", "title": "Vulnerability description" }, { "category": "summary", "text": "sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26540", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26540" }, { "category": "external", "summary": "CVE-2021-26540", "url": "https://access.redhat.com/security/cve/CVE-2021-26540" }, { "category": "external", "summary": "bz#1932323: CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932323" } ], "release_date": "2021-01-26T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-02-08T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element" }, { "cve": "CVE-2021-28092", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-12T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-is-svg: ReDoS via malicious string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28092" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092" }, { "category": "external", "summary": "CVE-2021-28092", "url": "https://access.redhat.com/security/cve/CVE-2021-28092" }, { "category": "external", "summary": "bz#1939103: CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103" } ], "release_date": "2021-03-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-03-12T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string" }, { "cve": "CVE-2021-29059", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-06-22T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29059", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29059" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29059" }, { "category": "external", "summary": "CVE-2021-29059", "url": "https://access.redhat.com/security/cve/CVE-2021-29059" }, { "category": "external", "summary": "bz#1974839: CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839" } ], "release_date": "2021-06-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-06-22T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "category": "external", "summary": "CVE-2021-31525", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "bz#1958341: CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" } ], "release_date": "2021-04-22T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-05-06T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-32690", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-06-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1978144" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A vulnerability was discovered in Helm, which could allow credentials associated with one Helm repository to be leaked to another repository referenced by the first one. In order to exploit this vulnerability, an attacker would need to control a repository trusted by the configuration of the target Helm instance.", "title": "Vulnerability description" }, { "category": "summary", "text": "information disclosure vulnerability", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-32690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32690" }, { "category": "external", "summary": "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf", "url": "https://github.com/helm/helm/security/advisories/GHSA-56hp-xqp3-w2jf" }, { "category": "external", "summary": "CVE-2021-32690", "url": "https://access.redhat.com/security/cve/CVE-2021-32690" }, { "category": "external", "summary": "bz#1978144: information disclosure vulnerability", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978144" } ], "release_date": "2021-06-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8" ] } ], "threats": [ { "category": "impact", "date": "2021-06-17T00:00:00Z", "details": "Moderate" } ], "title": "information disclosure vulnerability" }, { "cve": "CVE-2021-33194", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-05-20T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in golang. An attacker can craft an input to ParseFragment within parse.go that would cause it to enter an infinite loop and never return. The greatest threat to the system is of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: x/net/html: infinite loop in ParseFragment", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ", "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ" }, { "category": "external", "summary": "CVE-2021-33194", "url": "https://access.redhat.com/security/cve/CVE-2021-33194" }, { "category": "external", "summary": "bz#1963232: CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963232" } ], "release_date": "2021-05-20T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-05-20T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "category": "external", "summary": "CVE-2021-33195", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "bz#1989564: CVE-2021-33195 golang: net: lookup functions may return invalid host names", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" } ], "release_date": "2021-05-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-08-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-33195 golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "category": "external", "summary": "CVE-2021-33197", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "bz#1989570: CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" } ], "release_date": "2021-05-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-08-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" }, { "category": "external", "summary": "CVE-2021-33198", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "bz#1989575: CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" } ], "release_date": "2021-03-10T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-08-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "known_not_affected": [ "8Base-RHOSE-4.9:openshift4/driver-toolkit-rhel8:v4.9.0-202110052311.p0.git.25c3513.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-alt-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/egress-router-cni-rhel8:v4.9.0-202109302317.p0.git.099b756.assembly.stream", "8Base-RHOSE-4.9:openshift4/network-tools-rhel8:v4.9.0-202110081859.p0.git.ed0b846.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.18d82a6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.e8e2cb3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-ebs-csi-driver-rhel8:v4.9.0-202109302317.p0.git.26f1b6f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-machine-controllers:v4.9.0-202109302317.p0.git.f5013d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-aws-pod-identity-webhook-rhel8:v4.9.0-202109302317.p0.git.175f98f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-cloud-node-manager-rhel8:v4.9.0-202109302317.p0.git.c02678d.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.60fd0ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-disk-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ade7373.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-azure-machine-controllers:v4.9.0-202109302317.p0.git.c689e78.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-installer-rhel8:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-machine-controllers:v4.9.0-202109302317.p0.git.1c81cab.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-rhel8-operator:v4.9.0-202109302317.p0.git.cf45440.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-baremetal-runtimecfg-rhel8:v4.9.0-202109302317.p0.git.066cf9f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts-alt-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli-artifacts:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cli:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cloud-credential-operator:v4.9.0-202109302317.p0.git.0d83e9b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-authentication-operator:v4.9.0-202109302317.p0.git.b6c02e6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler-operator:v4.9.0-202109302317.p0.git.4a69154.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-autoscaler:v4.9.0-202109302016.p0.git.68fe93a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202109302317.p0.git.fc2865a.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-bootstrap:v4.9.0-202109302317.p0.git.7e074a7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.9.0-202109302317.p0.git.2b9246c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-config-operator:v4.9.0-202109302317.p0.git.f901f5b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.9.0-202110010218.p0.git.c750d4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-dns-operator:v4.9.0-202109302317.p0.git.083d37c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-etcd-rhel8-operator:v4.9.0-202109302317.p0.git.a6820f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-image-registry-operator:v4.9.0-202110010218.p0.git.48485bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-ingress-operator:v4.9.0-202109302317.p0.git.9aa4433.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-apiserver-operator:v4.9.0-202109302317.p0.git.ea2ec3b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-controller-manager-operator:v4.9.0-202109302317.p0.git.7766edf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-scheduler-operator:v4.9.0-202109302317.p0.git.c90e03f.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator:v4.9.0-202109302317.p0.git.c45ac14.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-machine-approver:v4.9.0-202109302317.p0.git.093c444.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-monitoring-operator:v4.9.0-202109302317.p0.git.79cdf68.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-network-operator:v4.9.0-202109302317.p0.git.8437b07.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-node-tuning-operator:v4.9.0-202109302317.p0.git.9284381.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-apiserver-operator:v4.9.0-202109302317.p0.git.4cc29cf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-openshift-controller-manager-operator:v4.9.0-202109302317.p0.git.3015cb8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-policy-controller-rhel8:v4.9.0-202109302317.p0.git.8fbffaf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-samples-operator:v4.9.0-202109302016.p0.git.49a97d3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-storage-operator:v4.9.0-202109302317.p0.git.2e76e02.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-update-keys:v4.9.0-202109302317.p0.git.3e20043.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-cluster-version-operator:v4.9.0-202110081830.p0.git.1f15159.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-configmap-reloader:v4.9.0-202109302317.p0.git.b84b5bf.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console-operator:v4.9.0-202110010218.p0.git.b805832.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-console:v4.9.0-202110130449.p0.git.8c077e4.assembly.rc.8", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-alt-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-container-networking-plugins-rhel8:v4.9.0-202109302317.p0.git.44a4913.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-coredns:v4.9.0-202109302317.p0.git.3cb11c0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8-operator:v4.9.0-202109302317.p0.git.fd2d838.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-manila-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202109302317.p0.git.0e0c173.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher-rhel8:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-attacher:v4.9.0-202109302317.p0.git.0a1737c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer-rhel8:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-resizer:v4.9.0-202109302317.p0.git.dad46d0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-external-snapshotter:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-controller:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-csi-snapshot-validation-webhook-rhel8:v4.9.0-202109302317.p0.git.52ab893.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-deployer:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-builder:v4.9.0-202109302016.p0.git.50d5b91.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-docker-registry:v4.9.0-202109302317.p0.git.50d54ae.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-machine-controllers-rhel8:v4.9.0-202110011856.p0.git.d92b088.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.b1a29ea.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-gcp-pd-csi-driver-rhel8:v4.9.0-202109302317.p0.git.48d49f7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-grafana:v4.9.0-202109302317.p0.git.6130ba8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-haproxy-router:v4.9.0-202109302317.p0.git.2d1e1f4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-hyperkube:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-insights-rhel8-operator:v4.9.0-202109302317.p0.git.51e4523.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer-artifacts:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-installer:v4.9.0-202110082228.p0.git.6e5b992.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-hardware-inventory-recorder-rhel8:v4.9.0-202109302016.p0.git.1d3d07b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-inspector-rhel8:v4.9.0-202109302016.p0.git.9474b75.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-ipa-downloader-rhel8:v4.9.0-202109302016.p0.git.6e9af39.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-machine-os-downloader-rhel8:v4.9.0-202109302016.p0.git.a367c21.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-rhel8:v4.9.0-202110071025.p0.git.ab287f6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ironic-static-ip-manager-rhel8:v4.9.0-202109302016.p0.git.d13dccb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-base:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-maven:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins-agent-nodejs-12-rhel8:v4.9.0-202110011028.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-jenkins:v4.9.0-202109302317.p0.git.aa28a4b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-k8s-prometheus-adapter:v4.9.0-202109302317.p0.git.adfdd41.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-keepalived-ipfailover:v4.9.0-202109302317.p0.git.f93eca8.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-proxy:v4.9.0-202109302317.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-state-metrics:v4.9.0-202109302317.p0.git.6e41dbd.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kube-storage-version-migrator-rhel8:v4.9.0-202109302317.p0.git.901a6d2.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-cni-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-kuryr-controller-rhel8:v4.9.0-202109302016.p0.git.e66f211.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-libvirt-machine-controllers:v4.9.0-202109302317.p0.git.59ae2ed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-api-operator:v4.9.0-202109302317.p0.git.38efcc6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-machine-config-operator:v4.9.0-202109302317.p0.git.d2d236b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-mdns-publisher-rhel8:v4.9.0-202109302317.p0.git.266597b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-admission-controller:v4.9.0-202109302317.p0.git.3c28a57.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni-alt-rhel8:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-cni:v4.9.0-202109302317.p0.git.5e081d5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-networkpolicy-rhel8:v4.9.0-202109302317.p0.git.fd12fed.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-alt-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-route-override-cni-rhel8:v4.9.0-202109302016.p0.git.707dd38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-alt-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-multus-whereabouts-ipam-cni-rhel8:v4.9.0-202109302016.p0.git.d291d96.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-must-gather:v4.9.0-202109302317.p0.git.d4b3f38.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-network-metrics-daemon-rhel8:v4.9.0-202109302317.p0.git.9fd6103.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-apiserver-rhel8:v4.9.0-202109302317.p0.git.6e0f921.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-proxy:v4.9.0-202109302016.p0.git.9ea1ebc.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-oauth-server-rhel8:v4.9.0-202109302317.p0.git.a51e181.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-apiserver-rhel8:v4.9.0-202109302317.p0.git.272f995.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-controller-manager-rhel8:v4.9.0-202109302317.p0.git.eda2db6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openshift-state-metrics-rhel8:v4.9.0-202109302317.p0.git.689af8b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.6f34668.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cinder-csi-driver-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-cloud-controller-manager-rhel8:v4.9.0-202109302317.p0.git.ddbc0e4.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-openstack-machine-controllers:v4.9.0-202109302317.p0.git.a7442bb.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-lifecycle-manager:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-marketplace:v4.9.0-202109302317.p0.git.cfc16ec.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-operator-registry:v4.9.0-202109302317.p0.git.32eb259.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovirt-machine-controllers-rhel8:v4.9.0-202109302317.p0.git.2262c7c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-ovn-kubernetes:v4.9.0-202110081859.p0.git.100ec23.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-pod:v4.9.0-202110080828.p0.git.894a78b.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prom-label-proxy:v4.9.0-202109302016.p0.git.4d11d13.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-alertmanager:v4.9.0-202109302016.p0.git.579e3c6.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-config-reloader:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-node-exporter:v4.9.0-202109302016.p0.git.1ab97f3.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus-operator:v4.9.0-202109302317.p0.git.ce7d979.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-sdn-rhel8:v4.9.0-202110041951.p0.git.9647cb0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-service-ca-operator:v4.9.0-202109302317.p0.git.ab44f58.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-telemeter:v4.9.0-202109302317.p0.git.03842e0.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tests:v4.9.0-202110011028.p0.git.6105395.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-thanos-rhel8:v4.9.0-202109302317.p0.git.e0fa82c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-tools-rhel8:v4.9.0-202109302317.p0.git.96e95ce.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.9.0-202109302317.p0.git.09517b5.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.9.0-202109302317.p0.git.4ece3d1.assembly.stream", "8Base-RHOSE-4.9:openshift4/ose-vsphere-problem-detector-rhel8:v4.9.0-202109302317.p0.git.646689c.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8-operator:v4.9.0-202109302317.p0.git.7fe7f8e.assembly.stream", "8Base-RHOSE-4.9:openshift4/ovirt-csi-driver-rhel8:v4.9.0-202109302317.p0.git.22a3b88.assembly.stream" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" }, { "category": "external", "summary": "CVE-2021-34558", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "bz#1983596: CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" } ], "release_date": "2021-07-13T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ], "url": "https://access.redhat.com/errata/RHSA-2021:3759" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:openshift4/ose-etcd:v4.9.0-202109302317.p0.git.5c1feaf.assembly.stream" ] } ], "threats": [ { "category": "impact", "date": "2021-07-14T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2022_0191
Vulnerability from csaf_redhat
Published
2022-01-19 17:48
Modified
2024-09-18 04:20
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.2 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.2 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.9.2 images:
RHEL-8-CNV-4.9
==============
kubevirt-vmware-container-v4.9.2-1
virtio-win-container-v4.9.2-1
kubemacpool-container-v4.9.2-1
ovs-cni-plugin-container-v4.9.2-1
ovs-cni-marker-container-v4.9.2-1
node-maintenance-operator-container-v4.9.2-1
cnv-containernetworking-plugins-container-v4.9.2-1
hostpath-provisioner-container-v4.9.2-1
bridge-marker-container-v4.9.2-1
kubevirt-template-validator-container-v4.9.2-1
cluster-network-addons-operator-container-v4.9.2-1
kubernetes-nmstate-handler-container-v4.9.2-1
hostpath-provisioner-operator-container-v4.9.2-2
cnv-must-gather-container-v4.9.2-2
virt-cdi-controller-container-v4.9.2-8
virt-cdi-apiserver-container-v4.9.2-8
virt-cdi-uploadserver-container-v4.9.2-8
virt-cdi-operator-container-v4.9.2-8
virt-cdi-uploadproxy-container-v4.9.2-8
virt-cdi-cloner-container-v4.9.2-8
virt-cdi-importer-container-v4.9.2-8
hyperconverged-cluster-webhook-container-v4.9.2-6
hyperconverged-cluster-operator-container-v4.9.2-6
kubevirt-ssp-operator-container-v4.9.2-3
kubevirt-v2v-conversion-container-v4.9.2-2
vm-import-controller-container-v4.9.2-2
vm-import-operator-container-v4.9.2-2
vm-import-virtv2v-container-v4.9.2-2
virt-launcher-container-v4.9.2-7
virt-controller-container-v4.9.2-7
virt-api-container-v4.9.2-7
virt-operator-container-v4.9.2-7
virt-artifacts-server-container-v4.9.2-7
libguestfs-tools-container-v4.9.2-7
virt-handler-container-v4.9.2-7
hco-bundle-registry-container-v4.9.2-27
Security Fix(es):
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.9.2 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.2 images:\n\nRHEL-8-CNV-4.9\n==============\nkubevirt-vmware-container-v4.9.2-1\nvirtio-win-container-v4.9.2-1\nkubemacpool-container-v4.9.2-1\novs-cni-plugin-container-v4.9.2-1\novs-cni-marker-container-v4.9.2-1\nnode-maintenance-operator-container-v4.9.2-1\ncnv-containernetworking-plugins-container-v4.9.2-1\nhostpath-provisioner-container-v4.9.2-1\nbridge-marker-container-v4.9.2-1\nkubevirt-template-validator-container-v4.9.2-1\ncluster-network-addons-operator-container-v4.9.2-1\nkubernetes-nmstate-handler-container-v4.9.2-1\nhostpath-provisioner-operator-container-v4.9.2-2\ncnv-must-gather-container-v4.9.2-2\nvirt-cdi-controller-container-v4.9.2-8\nvirt-cdi-apiserver-container-v4.9.2-8\nvirt-cdi-uploadserver-container-v4.9.2-8\nvirt-cdi-operator-container-v4.9.2-8\nvirt-cdi-uploadproxy-container-v4.9.2-8\nvirt-cdi-cloner-container-v4.9.2-8\nvirt-cdi-importer-container-v4.9.2-8\nhyperconverged-cluster-webhook-container-v4.9.2-6\nhyperconverged-cluster-operator-container-v4.9.2-6\nkubevirt-ssp-operator-container-v4.9.2-3\nkubevirt-v2v-conversion-container-v4.9.2-2\nvm-import-controller-container-v4.9.2-2\nvm-import-operator-container-v4.9.2-2\nvm-import-virtv2v-container-v4.9.2-2\nvirt-launcher-container-v4.9.2-7\nvirt-controller-container-v4.9.2-7\nvirt-api-container-v4.9.2-7\nvirt-operator-container-v4.9.2-7\nvirt-artifacts-server-container-v4.9.2-7\nlibguestfs-tools-container-v4.9.2-7\nvirt-handler-container-v4.9.2-7\nhco-bundle-registry-container-v4.9.2-27\n\nSecurity Fix(es):\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0191", "url": "https://access.redhat.com/errata/RHSA-2022:0191" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1954505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954505" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1992961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992961" }, { "category": "external", "summary": "1995824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995824" }, { "category": "external", "summary": "2015279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015279" }, { "category": "external", "summary": "2018468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018468" }, { "category": "external", "summary": "2022895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022895" }, { "category": "external", "summary": "2026198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026198" }, { "category": "external", "summary": "2028154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028154" }, { "category": "external", "summary": "2030198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030198" }, { "category": "external", "summary": "2032853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032853" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0191.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.2 Images security and bug fix update", "tracking": { "current_release_date": "2024-09-18T04:20:49+00:00", "generator": { "date": "2024-09-18T04:20:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2022:0191", "initial_release_date": "2022-01-19T17:48:00+00:00", "revision_history": [ { "date": "2022-01-19T17:48:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-01-19T17:48:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:20:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.9 for RHEL 8", "product": { "name": "CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.2-2" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.2-27" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.2-2" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.2-6" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.2-6" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.2-3" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "product": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.2-2" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "product": { "name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "product_id": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "product_id": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.2-8" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.2-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.2-7" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.2-2" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "product": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.2-2" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64", "product": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64", "product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.2-2" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64" }, "product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64" }, "product_reference": "container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64" }, "product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" }, "product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64", "relates_to_product_reference": "8Base-CNV-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0191" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0191" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:f860822b130abab11ae7885a645cc0e60b89e6264621e04303e73a6f58c22b16_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:762a7cc2936ba52085c72383932886994fc0b5c2d506bfcaa6e338427cbe77e9_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:627fb2b3af0136da38b914876f04ef209794bbbcde8237344610bcf0bf198483_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:c5da47b16fb1dbfb9c346d3717f471475c6d8d8b7ea260b1aca9f5569d53f26a_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:07acd97516a7aff634df212ed83d764527e92250ed38e770a27dbc8ce20b0d93_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:632c10fe92f88ea746e77d228139c78493eb7e2a9da6d8909d95994e72480363_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:edfafde9b6141ac687edc10acb1406dad4b47de35a97377661a9f84e09eec44e_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:1c1bb126ee278030833f97e21f7831cb2188ee57bf9f8cbb6bbc821fc8944c66_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:d2e61e23ae391e789f26878f2ba5feb75623c38af0cc22777f87e13baa2a3d5b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:4a92fd0720bd9f7513b65464b04b584772e8b2e3e4bae2883b0e1b7446daf7a7_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:c569004fbaffaebbba903320cf6d0da51c6102308a980d389410d83c1c355bac_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:d03ef28a0cc7d83a3e985837126b621977a60c74b98512e46905ab11a5535a36_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:6f95cee103dd998a8dcf6a2a6c88360ed87946ce5af3eb803340d5c1ae55d8e7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:b9656f356bcf5c5a7f2ad5efc72d05f944d5e1bcf173f2bbc1a9a71c12d6a100_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:4101df51a3e10fe70465d8909253dd7d32fda719ec461ddc10c45b1f6d415f1c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:3514c2d7beaab63ef6f34c448f77a4aa648e8497978022e4a3401d63ed12599a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:85eca11b17c03b8d99333e7c0fe4e46e181807dd5c552cd0cf540d7b3411b142_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:d788a3a8ad2a7f856db92d04a0494faf17d5574038cd9cc6c067d96eb6851b46_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:eaeb72ade36d20146b08d253ad486dbfac1bcf3ada352eded0158f88ede4be25_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" } ] }
rhsa-2021_2705
Vulnerability from csaf_redhat
Published
2021-07-13 21:41
Modified
2024-09-18 04:19
Summary
Red Hat Security Advisory: Release of OpenShift Serverless 1.16.0
Notes
Topic
Release of OpenShift Serverless 1.16.0
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.
Security Fix(es):
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Release of OpenShift Serverless 1.16.0\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2705", "url": "https://access.redhat.com/errata/RHSA-2021:2705" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index" }, { "category": "external", "summary": "1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "1971445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971445" }, { "category": "external", "summary": "1971448", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971448" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2705.json" } ], "title": "Red Hat Security Advisory: Release of OpenShift Serverless 1.16.0", "tracking": { "current_release_date": "2024-09-18T04:19:00+00:00", "generator": { "date": "2024-09-18T04:19:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "3.33.3" } }, "id": "RHSA-2021:2705", "initial_release_date": "2021-07-13T21:41:53+00:00", "revision_history": [ { "date": "2021-07-13T21:41:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-13T21:41:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-09-18T04:19:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Serverless 1.16", "product": { "name": "Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16", "product_identification_helper": { "cpe": "cpe:/a:redhat:serverless:1.16::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Serverless" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "product": { "name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "product_id": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "product_identification_helper": { "purl": "pkg:oci/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-operator-bundle\u0026tag=1.16.0-6" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "product": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "product_id": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/client-kn-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "product": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "product_id": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "product": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "product_id": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "product_id": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "product": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "product_id": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "product_id": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-filter-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "product_id": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtbroker-ingress-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "product_id": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtchannel-broker-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "product": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "product_id": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-mtping-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "product": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "product_id": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-storage-version-migration-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "product": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "product_id": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-sugar-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "product": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "product_id": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/eventing-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "product": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "product_id": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/ingress-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "product": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "product_id": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "product_identification_helper": { "purl": "pkg:oci/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/knative-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "product": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "product_id": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kn-cli-artifacts-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "product": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "product_id": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/kourier-control-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le", "product": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le", "product_id": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/svls-must-gather-rhel8\u0026tag=1.16.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "product": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "product_id": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "product_identification_helper": { "purl": "pkg:oci/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-controller-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "product": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "product_id": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/net-istio-webhook-rhel8\u0026tag=0.22.0-2" } } }, { "category": "product_version", "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "product": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "product_id": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serverless-rhel8-operator\u0026tag=1.16.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "product": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "product_id": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-activator-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "product": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "product_id": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-hpa-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "product": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "product_id": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-autoscaler-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "product": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "product_id": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-controller-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "product": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "product_id": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "product": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "product_id": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-domain-mapping-webhook-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "product": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "product_id": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-queue-rhel8\u0026tag=0.22.0-4" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "product": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "product_id": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-storage-version-migration-rhel8\u0026tag=0.22.0-3" } } }, { "category": "product_version", "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "product": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "product_id": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "product_identification_helper": { "purl": "pkg:oci/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/serving-webhook-rhel8\u0026tag=0.22.0-3" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le" }, "product_reference": "openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x" }, "product_reference": "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x" }, "product_reference": "openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x" }, "product_reference": "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64" }, "product_reference": "openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64" }, "product_reference": "openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x" }, "product_reference": "openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le" }, "product_reference": "openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x" }, "product_reference": "openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le" }, "product_reference": "openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x" }, "product_reference": "openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x" }, "product_reference": "openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x" }, "product_reference": "openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64" }, "product_reference": "openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le" }, "product_reference": "openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64" }, "product_reference": "openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le" }, "product_reference": "openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x" }, "product_reference": "openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64" }, "product_reference": "openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le" }, "product_reference": "openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le" }, "product_reference": "openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64" }, "product_reference": "openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le" }, "product_reference": "openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64 as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le as a component of Red Hat OpenShift Serverless 1.16", "product_id": "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" }, "product_reference": "openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le", "relates_to_product_reference": "8Base-Openshift-Serverless-1.16" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27918", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2021-03-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1937901" } ], "notes": [ { "category": "description", "text": "An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with `xml.NewTokenDecoder` it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with `EOF` within it, causing the parsing application to endlessly loop, resulting in a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), Red Hat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization all bundle vulnerable versions of the golang standard library (stdlib). However, no component within each product utilizes the function xml.NewTokenDecoder which is a requirement to be vulnerable. Hence, all affected components are marked as \"Will not fix\". Additionally no OCP container has been listed, as nearly all available containers are compiled with an affected version of Go, but do not utilize the function xml.NewTokenDecoder.\n\nRed Hat Ceph Storage (RHCS), Red Hat Gluster Storage 3 and OpenShift Container Storage 4 also bundles a vulnerable version of golang standard library \u0027encoding/xml\u0027, but does not utilize the function xml.NewTokenDecoder, and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27918" }, { "category": "external", "summary": "RHBZ#1937901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27918" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw", "url": "https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2705" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2705" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" }, { "cve": "CVE-2021-33196", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1965503" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in archive/zip of the Go standard library. Applications written in Go can panic or potentially exhaust system memory when parsing malformed ZIP files.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/zip: malformed archive may cause panic or memory exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "* In OpenShift Container Platform and OpenShift Service Mesh, multiple components are written in Go and use archive/zip from the standard library. However, all such components are short lived client side tools, not long lived server side executables. As the maximum impact of this vulnerability is a denial of service in client utilities, this vulnerability is rated Low for OpenShift Container Plaform and OpenShift Service Mesh.\n\n* Although OpenShift distributed tracing (formerly OpenShift Jaeger) components are compiled with a vulnerable version of Go, the vulnerable archive/zip package is currently not used by this product therefore these components are affected but with impact Low. Additionally only core OpenShift distributed tracing components have been listed.\n\n* Although Serverless does ship the affected package, it does not make use of the actual package and hence the impact is low.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s smart-gateway-container and sg-core-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33196" }, { "category": "external", "summary": "RHBZ#1965503", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965503" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33196", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "details": "See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index\n\nSee the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index", "product_ids": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2705" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:62c9ccb7831c988faf89dbf2029624b82a2884b5bebcb6e7cbec6b9e70f64706_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:7a0e0d72b6d6e230f12c925ed15955a91465a96e9571e997580ca05febf0e348_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/client-kn-rhel8@sha256:dc8ac0327c5d449b78fa0cbc7d530615bfd8ccaa5088a9a5773c8b563fcbbbb0_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:1958b772192cac8157250fbb30943f6ccf104bde5e3ee681e303c331abc12485_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:7919210c38d4e684b66826f9ac97b4d46ca3877ad4d0c14ed75408b1f8d5299f_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:c544198394e26287e8ccfa730d3d08fbd553a6a3ec9de50ebeeab76fc1746ad3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:356a15345f3473c2361d2be1f9bff8d79d09d4eb1024cb8de7cae98df855e69c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:5edfa95b4adaf5bebda75b9a01b33ea1b9f170a8a4225f9045aae30d33f5e21c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-controller-rhel8@sha256:a9935e0489acece6bc478c39feaaaf5fd1b422fc48abbb0c434f8d9d2576877e_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:56d9ec76de86392020e187e6650e4763175f3421ebbcafe6d3f28b50aa12dc52_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:90621924813d8876acdbbad612cf824660ff1146cc0c02cd0ef837fd7b8325a2_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:9c35e4c1c7f75433fe86d5ed50882b8fbf726e938933a0cb9235e1f037302ee2_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1a560c4a70d3b4fbbfcbe956cc732272fc6f438511aa7c1f7eec7f79daf55cd6_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:1f02f779e5318a9aac0904855250191c96a8ebb1f1ed0d764d99a4b6d53569d6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:bfedff56d61f7f55260ee3023ccc04a2b0ffcb5bd92b1221f325f922c86618bf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:5e69237ad7b367daaef8d1709eeb1b5ec882cba23c856dfdda8d31aaa239a745_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:6a8eb41e321fc5225352bde8afbb1f05670d182e72ca74c497f5cfcf1d13ef8b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c4090785e32de9f3b374652324fef78379c23774fac538c0ec958ac38daa8b58_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:0d6439505d115a57adedf117304db8421433ff90a89eaac4623a4d458b9adbef_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d1dafbc85819555d64789d53d7d8df385f7751011734152f2dbd09e08209e866_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:ff7bf6f39dd8dd52aa4f6b9ffafde6046261125cf77311f59e50c9c04a3f0a9c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:44a54d8ef641ebc5e5d2dd767f6d1df9ad5739d13a82505c822f3e30513822db_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:c4019a4ecc73872d421bf4fb7025892e2e564e3426e1037ec5f897a8b9eb21ff_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:dc737ab3465529879e56f1d05226028ae784399d18cad59463830462deec8ed1_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:11150afaf98cd4ea20bbcb81762709e71c93a435f3b6e8b08b5cf9c09a4fb68b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:2a057386f641d16a0f5ac736887ffce06eb645e4f6c4ce8e088af07be5f8e28d_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-mtping-rhel8@sha256:ecdf701499d23f0cb3aefa5e9bf590c90b809da53adc7dd60cdced30986d5478_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:34303a5cbbd0e91d2a16b2783f4b43c9eed1f90287df92aca01b7e56da43cc4c_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8485b4d234cba2bb967ca2f32b35b838155f56858ab3d0b736256cead0129e35_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:8af8882fb6e08283998ba11807174216a109e4056bfdf90dab51b2a79a649a19_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:004ce15b1680d1ba7dda5f321bd66f52b0938e13efef32fbdcbb4c6a2e2227a6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:4216b1d4106a68b90b73a0d176527497212f7440c912291c44602551a0ad110a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:a62f1428a4649813db23ced5d0307981efd346311473965cb9095a31ecb8ca98_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:152f331fe988ee24cfcf4a4dd924efaadb9da3558cfc00f44bbd3430c65c61a3_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:40c4d54de5a55ea7407b19cdb985588dab2d374b48ab1232fc8e2b713ad702a5_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/eventing-webhook-rhel8@sha256:ac57ab10541c199db2c06aca4235157f02c7ad64ddb1126ed9b448feb6104ae3_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:16050548a2fb0293dde41dda3fa952a9938d8af1b1b0da6e46b8cf5de99093be_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:263fcd37932877183b28db7914df71a6c93af18adad3705258b6468e7e370ac6_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/ingress-rhel8-operator@sha256:c2b6c2cb039a9e3eb4432041c46e8052e7893cdc9555e8cb8ff5cdadef2c5e57_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:956c1c43472d5befe77bf372f3a421c986c899aaecf43d3db0df09e6405a8ae1_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:9eccc9772309a9ca3aaa196bc527d17ae13ec7273b4957d958d019163e9a36c0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:ea8b54826fb158a89865c23e3b438ee67ad4266bf575eda426cb0ce84441bb37_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:4c80e1d9211575d9b270637a8266d665408ee9134782d7afe72a27202c99126a_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:8fed78abd4ac909c61520089409bdc8cedba431c96829b3c1ab2bba4c9b1e74c_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/knative-rhel8-operator@sha256:e78bc3a8109979984348b8eb2842f7b00c95657f6ed226ba3e5ba7de702d98ad_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:12610493609c2c7bc45344bba0fafdb7fb7be3675213af8f01ed529de79f172a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:164d9a395835ba419866acf959dcbe0cdba718e9f80848e6da28c06ec11176f6_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/kourier-control-rhel8@sha256:be5cc34d8e1c9a85945aa930021901d488e50d27c647d583ba85bac621cc1cbe_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:60f4f8600a06483289d97c9228844d3fea84b79263cd4361113f858425870995_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:a2c0c74cac2741ed4b187a30399cf6500c8d5dc66ee60d646af5c643972fd5bf_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-controller-rhel8@sha256:db9dfc01276a16c59bdf3671262e1c1db03ec3edfdd86b6dcfab9605fae5ba33_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:48492cdff1033a64ce6fb268b78d5abdf064036ea6976889754c5c0ce0b56859_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:a691e39d22a1e257943a5743fd71555eb38f0cab94ae929bb8191e7b035bea2f_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/net-istio-webhook-rhel8@sha256:b8bf79102c15f05be93efd996d54f24b0393c61cd5a66c2c0f6b75214997cf89_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-operator-bundle@sha256:45419a1e5f451a457a763e8767873595bf1977aee9ee69b5a15eaade90faf0d0_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:0ead0cc1806cb7d4824f67fd06829773b933a43bc823dd1770f8fd745b03d968_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:50b050172d484da11dc0c317b328a798d5a8f088cfda876dc1d2e335030f4938_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serverless-rhel8-operator@sha256:d6825c498b3661c097bd946f402eb3fbf9aedbc1b52fa099d0d92b8307d4690b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:397eeb294c009c99e810555876bcd27d24c70aee52978ed838bc68ff3a6b0f8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:81c5483bd8c248b6b4fb9dbeb24ddf12496531774332a3c6b33f34471713fb53_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-activator-rhel8@sha256:9037fec0b9915bdbf11efbde6e2dd0af4604e204f1554f44aa082aa970b78868_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:0a3f9d8474b78fe867dfcbca13c21fd8b41bb63372b6a4ebd3cfc65995a8f207_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:676fb8528b1b442775868d375bb90f89906763693f4aff6568ebd6c99ebe6e70_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:80ae260bcfc58cff4113a88d789557c0a96dab6fbf5984a9c4b840efb010092c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:7b495472669242f9492d1743473f064525f6ef6320d2de5a27de447a5f3c3fce_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:b3453234fe414a73f2c4d53fefa785fb79fe5647e3340f7b15d4a1f271ab7d8d_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-autoscaler-rhel8@sha256:e24a5b56a311fa5d2fa201c2a51b4ad53e1b70ab1e11189cff7eb35933bea289_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:a24e1b4ca40d394065b7d018089de285fb5ab09228f84af3049f98d6ed740db5_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:b5079ee10f5d18e0818b1951f6bfac4acce2d24b4e2b1af8097dae765c4b7950_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-controller-rhel8@sha256:f32b2d04db548a53374fc9b708ef9c151d7e673b06e811231db25113a9175457_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:62b6bee16f5ad365c3e87b190855f8697c12e5dfe8a70c908a3345fbadd72540_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:98d9bc011904f9ec6c7ba02effa9259baab3ecb3e31753af56d51e8086a9d900_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-rhel8@sha256:ad51d53d099fcb502857a05b72fe63c9540f19f3f9eb6b4e117343054a0f0f71_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:608e5a5dd723e379d92cb1584fcccb2b712c47a8491f0874a618d610db539bf4_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:8db5fc0b74f85cc51c2ad869dd2bff3248c7044e2015101649ecda7f995b734b_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f65aa9bc1f1f885297dd52cd095726e76f0e75984e650181d81ff040e6800717_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:562e64503d96ec5715d4b9dc479885a13f2cfa987bc022b293bdf8726fa00a6a_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:dc610c3c175b4634b6b85c0d3dc7364856f22bda5540468543641aaed4ec9c9f_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-queue-rhel8@sha256:e5f6b1d33b7700ff42928bab45927dffdb993600b33205dd8cbf42d84f7e907c_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1416c5c4a579f5d169dcb0a006580dc574ddd9eeacc145b1d0069bf94130bead_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:70d4d795e7c883a412f319cf78aef9c080d78d340520c2948193d95cec45500b_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:ab3514a73870a208855823497485cf4ac67c1fe3dd94f24bc0a0e12c30ea4387_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:2cf4d5aae44791dfab21f77ba9c6b349b94b458526e361b1f1fc1715277d60af_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:7b5771038dad92c2608bc355c0267670bf4abbe44b2de602617708444e932b25_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/serving-webhook-rhel8@sha256:87e8cdea01d415bae6a5aaa201648ea18268db934e884d33ef66af38eef38537_ppc64le", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:1ecc8287f0b7943b6db606145f137c0f7a961e4371216dd7e97fdaff105617cf_s390x", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:bb49477b7e54a534d1a6f7aaa007a893481d6b7902f7c1612dca50c8205dd214_amd64", "8Base-Openshift-Serverless-1.16:openshift-serverless-1/svls-must-gather-rhel8@sha256:e1fc67c5720e9410d6c3d16ed815a779d2fc2cfeb02b95ce9f54cd115847fc4b_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion" } ] }
ghsa-h86h-8ppg-mxmh
Vulnerability from github
Published
2022-05-24 19:03
Modified
2024-05-20 20:30
Severity
Summary
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Details
golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "golang.org/x/net" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.0.0-20210428140749-89ef3d95e781" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-31525" ], "database_specific": { "cwe_ids": [ "CWE-674" ], "github_reviewed": true, "github_reviewed_at": "2023-02-08T00:35:49Z", "nvd_published_at": "2021-05-27T13:15:00Z", "severity": "MODERATE" }, "details": "golang.org/x/net/http/httpguts in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.", "id": "GHSA-h86h-8ppg-mxmh", "modified": "2024-05-20T20:30:58Z", "published": "2022-05-24T19:03:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "type": "WEB", "url": "https://github.com/golang/go/issues/45710" }, { "type": "PACKAGE", "url": "https://github.com/golang/go" }, { "type": "WEB", "url": "https://go.dev/cl/313069" }, { "type": "WEB", "url": "https://go.dev/issue/45710" }, { "type": "WEB", "url": "https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9" }, { "type": "WEB", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF" }, { "type": "WEB", "url": "https://pkg.go.dev/vuln/GO-2022-0236" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202208-02" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion" }
wid-sec-w-2023-2229
Vulnerability from csaf_certbund
Published
2023-08-30 22:00
Modified
2024-05-28 22:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2229 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json" }, { "category": "self", "summary": "WID-SEC-2023-2229 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0801" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0802" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0803" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0804" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0805" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0806" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0807" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0808" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html" } ], "source_lang": "en-US", "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-28T22:00:00.000+00:00", "generator": { "date": "2024-05-29T08:07:49.870+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2229", "initial_release_date": "2023-08-30T22:00:00.000+00:00", "revision_history": [ { "date": "2023-08-30T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.1.1", "product": { "name": "Splunk Splunk Enterprise \u003c9.1.1", "product_id": "T029634", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.1.1" } } }, { "category": "product_version_range", "name": "\u003c9.0.6", "product": { "name": "Splunk Splunk Enterprise \u003c9.0.6", "product_id": "T029635", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.6" } } }, { "category": "product_version_range", "name": "\u003c8.2.12", "product": { "name": "Splunk Splunk Enterprise \u003c8.2.12", "product_id": "T029636", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.12" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-7489", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2013-7489" }, { "cve": "CVE-2018-10237", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-10237" }, { "cve": "CVE-2018-20225", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-20225" }, { "cve": "CVE-2019-20454", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20454" }, { "cve": "CVE-2019-20838", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20838" }, { "cve": "CVE-2020-14155", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-14155" }, { "cve": "CVE-2020-28469", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28469" }, { "cve": "CVE-2020-28851", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28851" }, { "cve": "CVE-2020-29652", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-29652" }, { "cve": "CVE-2020-8169", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8177", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8231", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8284", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8285", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8286", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2021-20066", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-20066" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2021-22876", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22876" }, { "cve": "CVE-2021-22890", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22898", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22901", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22922", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22924", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22925", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22926", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-23343", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23343" }, { "cve": "CVE-2021-23382", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23382" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-27919", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27919" }, { "cve": "CVE-2021-29060", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29060" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-29923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29923" }, { "cve": "CVE-2021-31525", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31525" }, { "cve": "CVE-2021-31566", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31566" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33198", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33198" }, { "cve": "CVE-2021-34558", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-34558" }, { "cve": "CVE-2021-3520", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3520" }, { "cve": "CVE-2021-3572", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3572" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-3803", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3803" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-39293", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-39293" }, { "cve": "CVE-2021-41182", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41182" }, { "cve": "CVE-2021-41183", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41183" }, { "cve": "CVE-2021-41184", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41184" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-41772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41772" }, { "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44717", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44717" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1941", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1941" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-22576", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-22576" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-24921", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24921" }, { "cve": "CVE-2022-24999", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24999" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27536" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27774", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27774" }, { "cve": "CVE-2022-27775", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27775" }, { "cve": "CVE-2022-27776", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27776" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27779", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27779" }, { "cve": "CVE-2022-27780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27780" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-30115", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30115" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-33987", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-33987" }, { "cve": "CVE-2022-3509", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3509" }, { "cve": "CVE-2022-3510", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3510" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-40897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40897" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41720", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41720" }, { "cve": "CVE-2022-41722", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41722" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-23915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23915" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-24539", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24539" }, { "cve": "CVE-2023-24540", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24540" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27537", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27537" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-29400", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29400" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29403", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29403" }, { "cve": "CVE-2023-29404", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29404" }, { "cve": "CVE-2023-29405", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29405" }, { "cve": "CVE-2023-40592", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40592" }, { "cve": "CVE-2023-40593", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40593" }, { "cve": "CVE-2023-40594", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40594" }, { "cve": "CVE-2023-40595", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40595" }, { "cve": "CVE-2023-40596", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40596" }, { "cve": "CVE-2023-40597", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40597" }, { "cve": "CVE-2023-40598", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40598" } ] }
gsd-2021-31525
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-31525", "description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.", "id": "GSD-2021-31525", "references": [ "https://www.suse.com/security/cve/CVE-2021-31525.html", "https://access.redhat.com/errata/RHSA-2022:0308", "https://access.redhat.com/errata/RHSA-2022:0191", "https://access.redhat.com/errata/RHSA-2021:5072", "https://access.redhat.com/errata/RHSA-2021:4104", "https://access.redhat.com/errata/RHSA-2021:4103", "https://access.redhat.com/errata/RHSA-2021:3759", "https://access.redhat.com/errata/RHSA-2021:3748", "https://access.redhat.com/errata/RHSA-2021:3733", "https://access.redhat.com/errata/RHSA-2021:3556", "https://access.redhat.com/errata/RHSA-2021:3555", "https://access.redhat.com/errata/RHSA-2021:3487", "https://access.redhat.com/errata/RHSA-2021:3248", "https://access.redhat.com/errata/RHSA-2021:3076", "https://access.redhat.com/errata/RHSA-2021:2984", "https://access.redhat.com/errata/RHSA-2021:2983", "https://access.redhat.com/errata/RHBA-2021:2979", "https://access.redhat.com/errata/RHBA-2021:2854", "https://access.redhat.com/errata/RHSA-2021:2705", "https://access.redhat.com/errata/RHSA-2021:2704", "https://access.redhat.com/errata/RHEA-2021:2679", "https://access.redhat.com/errata/RHSA-2021:2543", "https://advisories.mageia.org/CVE-2021-31525.html", "https://security.archlinux.org/CVE-2021-31525", "https://access.redhat.com/errata/RHSA-2022:0577", "https://alas.aws.amazon.com/cve/html/CVE-2021-31525.html", "https://linux.oracle.com/cve/CVE-2021-31525.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-31525" ], "details": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.", "id": "GSD-2021-31525", "modified": "2023-12-13T01:23:13.638350Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "name": "https://github.com/golang/go/issues/45710", "refsource": "MISC", "url": "https://github.com/golang/go/issues/45710" }, { "name": "FEDORA-2021-ee3c072cd0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c0.0.0-20210428140749-89ef3d95e781", "affected_versions": "All versions before 0.0.0-20210428140749-89ef3d95e781", "cvss_v2": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-674", "CWE-937" ], "date": "2023-02-24", "description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.", "fixed_versions": [ "0.0.0-20210428140749-89ef3d95e781" ], "identifier": "CVE-2021-31525", "identifiers": [ "GHSA-h86h-8ppg-mxmh", "CVE-2021-31525" ], "not_impacted": "All versions starting from 0.0.0-20210428140749-89ef3d95e781", "package_slug": "go/golang.org/x/net", "pubdate": "2022-05-24", "solution": "Upgrade to version 0.0.0-20210428140749-89ef3d95e781 or above.", "title": "Uncontrolled Recursion", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "https://github.com/golang/go/issues/45710", "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/", "https://security.gentoo.org/glsa/202208-02", "https://go.dev/cl/313069", "https://go.dev/issue/45710", "https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9", "https://pkg.go.dev/vuln/GO-2022-0236", "https://github.com/advisories/GHSA-h86h-8ppg-mxmh" ], "uuid": "544dcb81-3d1d-4416-90bc-44760954eb08" }, { "affected_range": "\u003c0.0.0-20210428140749-89ef3d95e781", "affected_versions": "All versions before 0.0.0-20210428140749-89ef3d95e781", "cvss_v2": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-674", "CWE-937" ], "date": "2023-02-08", "description": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.", "fixed_versions": [ "0.0.0-20210428140749-89ef3d95e781" ], "identifier": "CVE-2021-31525", "identifiers": [ "GHSA-h86h-8ppg-mxmh", "CVE-2021-31525" ], "not_impacted": "All versions starting from 0.0.0-20210428140749-89ef3d95e781", "package_slug": "go/golang.org/x/net/http/httpguts", "pubdate": "2022-05-24", "solution": "Upgrade to version 0.0.0-20210428140749-89ef3d95e781 or above.", "title": "Uncontrolled Recursion", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "https://github.com/golang/go/issues/45710", "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/", "https://security.gentoo.org/glsa/202208-02", "https://go.dev/cl/313069", "https://go.dev/issue/45710", "https://go.googlesource.com/net/+/89ef3d95e781148a0951956029c92a211477f7f9", "https://pkg.go.dev/vuln/GO-2022-0236", "https://github.com/advisories/GHSA-h86h-8ppg-mxmh" ], "uuid": "f6c19b58-1076-45b3-b566-9e93b1735e2e" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.16.4", "versionStartIncluding": "1.16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31525" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-674" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/golang/go/issues/45710", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/golang/go/issues/45710" }, { "name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "refsource": "MISC", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" }, { "name": "FEDORA-2021-ee3c072cd0", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6 } }, "lastModifiedDate": "2022-11-09T03:32Z", "publishedDate": "2021-05-27T13:15Z" } } }
Loading...