rhsa-2022_0947
Vulnerability from csaf_redhat
Published
2022-03-16 15:45
Modified
2024-11-13 23:41
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.0 images:
RHEL-8-CNV-4.10
==============
kubevirt-velero-plugin-container-v4.10.0-8
virtio-win-container-v4.10.0-10
kubevirt-template-validator-container-v4.10.0-16
hostpath-csi-driver-container-v4.10.0-32
hostpath-provisioner-container-v4.10.0-32
hostpath-provisioner-operator-container-v4.10.0-62
cnv-must-gather-container-v4.10.0-110
virt-cdi-controller-container-v4.10.0-90
virt-cdi-apiserver-container-v4.10.0-90
virt-cdi-uploadserver-container-v4.10.0-90
virt-cdi-uploadproxy-container-v4.10.0-90
virt-cdi-operator-container-v4.10.0-90
virt-cdi-cloner-container-v4.10.0-90
virt-cdi-importer-container-v4.10.0-90
kubevirt-ssp-operator-container-v4.10.0-50
virt-api-container-v4.10.0-217
hyperconverged-cluster-webhook-container-v4.10.0-133
libguestfs-tools-container-v4.10.0-217
virt-handler-container-v4.10.0-217
virt-launcher-container-v4.10.0-217
virt-artifacts-server-container-v4.10.0-217
virt-controller-container-v4.10.0-217
node-maintenance-operator-container-v4.10.0-48
hyperconverged-cluster-operator-container-v4.10.0-133
virt-operator-container-v4.10.0-217
cnv-containernetworking-plugins-container-v4.10.0-49
kubemacpool-container-v4.10.0-49
bridge-marker-container-v4.10.0-49
ovs-cni-marker-container-v4.10.0-49
ovs-cni-plugin-container-v4.10.0-49
kubernetes-nmstate-handler-container-v4.10.0-49
cluster-network-addons-operator-container-v4.10.0-49
hco-bundle-registry-container-v4.10.0-696
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.10.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.0 images:\n\nRHEL-8-CNV-4.10\n\n==============\n\nkubevirt-velero-plugin-container-v4.10.0-8\nvirtio-win-container-v4.10.0-10\nkubevirt-template-validator-container-v4.10.0-16\nhostpath-csi-driver-container-v4.10.0-32\nhostpath-provisioner-container-v4.10.0-32\nhostpath-provisioner-operator-container-v4.10.0-62\ncnv-must-gather-container-v4.10.0-110\nvirt-cdi-controller-container-v4.10.0-90\nvirt-cdi-apiserver-container-v4.10.0-90\nvirt-cdi-uploadserver-container-v4.10.0-90\nvirt-cdi-uploadproxy-container-v4.10.0-90\nvirt-cdi-operator-container-v4.10.0-90\nvirt-cdi-cloner-container-v4.10.0-90\nvirt-cdi-importer-container-v4.10.0-90\nkubevirt-ssp-operator-container-v4.10.0-50\nvirt-api-container-v4.10.0-217\nhyperconverged-cluster-webhook-container-v4.10.0-133\nlibguestfs-tools-container-v4.10.0-217\nvirt-handler-container-v4.10.0-217\nvirt-launcher-container-v4.10.0-217\nvirt-artifacts-server-container-v4.10.0-217\nvirt-controller-container-v4.10.0-217\nnode-maintenance-operator-container-v4.10.0-48\nhyperconverged-cluster-operator-container-v4.10.0-133\nvirt-operator-container-v4.10.0-217\ncnv-containernetworking-plugins-container-v4.10.0-49\nkubemacpool-container-v4.10.0-49\nbridge-marker-container-v4.10.0-49\novs-cni-marker-container-v4.10.0-49\novs-cni-plugin-container-v4.10.0-49\nkubernetes-nmstate-handler-container-v4.10.0-49\ncluster-network-addons-operator-container-v4.10.0-49\nhco-bundle-registry-container-v4.10.0-696\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:0947", "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1760028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1760028" }, { "category": "external", "summary": "1855182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855182" }, { "category": "external", "summary": "1906151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906151" }, { "category": "external", "summary": "1918294", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918294" }, { "category": "external", "summary": "1935217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935217" }, { "category": "external", "summary": "1945586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945586" }, { "category": "external", "summary": "1958085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958085" }, { "category": "external", "summary": "1959039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959039" }, { "category": "external", "summary": "1975978", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975978" }, { "category": "external", "summary": "1983079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983079" }, { "category": "external", "summary": "1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "1986970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986970" }, { "category": "external", "summary": "1987009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987009" }, { "category": "external", "summary": "1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "1990061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990061" }, { "category": "external", "summary": "1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "1992231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992231" }, { "category": "external", "summary": "1993454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993454" }, { "category": "external", "summary": "1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "1997540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997540" }, { "category": "external", "summary": "1998300", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998300" }, { "category": "external", "summary": "1999110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999110" }, { "category": "external", "summary": "1999636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999636" }, { "category": "external", "summary": "2000480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000480" }, { "category": "external", "summary": "2001984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001984" }, { "category": "external", "summary": "2001987", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001987" }, { "category": "external", "summary": "2002272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002272" }, { "category": "external", "summary": "2003704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003704" }, { "category": "external", "summary": "2007397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007397" }, { "category": "external", "summary": "2008140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008140" }, { "category": "external", "summary": "2008411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008411" }, { "category": "external", "summary": "2008938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008938" }, { "category": "external", "summary": "2008949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008949" }, { "category": "external", "summary": "2008975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008975" }, { "category": "external", "summary": "2010540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010540" }, { "category": "external", "summary": "2010908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010908" }, { "category": "external", "summary": "2012920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012920" }, { "category": "external", "summary": "2013160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013160" }, { "category": "external", "summary": "2013455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013455" }, { "category": "external", "summary": "2015327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015327" }, { "category": "external", "summary": "2017255", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017255" }, { "category": "external", "summary": "2018457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018457" }, { "category": "external", "summary": "2018925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018925" }, { "category": "external", "summary": "2018970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018970" }, { "category": "external", "summary": "2019053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019053" }, { "category": "external", "summary": "2021992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021992" }, { "category": "external", "summary": "2025295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025295" }, { "category": "external", "summary": "2025750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025750" }, { "category": "external", "summary": "2025878", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025878" }, { "category": "external", "summary": "2026336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026336" }, { "category": "external", "summary": "2026363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026363" }, { "category": "external", "summary": "2026665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026665" }, { "category": "external", "summary": "2026667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026667" }, { "category": "external", "summary": "2027420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027420" }, { "category": "external", "summary": "2027922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027922" }, { "category": "external", "summary": "2029343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029343" }, { "category": "external", "summary": "2029767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029767" }, { "category": "external", "summary": "2030660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030660" }, { "category": "external", "summary": "2030686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030686" }, { "category": "external", "summary": "2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "2031033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031033" }, { "category": "external", "summary": "2031688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031688" }, { "category": "external", "summary": "2031727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031727" }, { "category": "external", "summary": "2031919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031919" }, { "category": "external", "summary": "2032045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032045" }, { "category": "external", "summary": "2032845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032845" }, { "category": "external", "summary": "2032873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032873" }, { "category": "external", "summary": "2032876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032876" }, { "category": "external", "summary": "2033240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033240" }, { "category": "external", "summary": "2033252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033252" }, { "category": "external", "summary": "2034544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034544" }, { "category": "external", "summary": "2035008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035008" }, { "category": "external", "summary": "2035324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035324" }, { "category": "external", "summary": "2035658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035658" }, { "category": "external", "summary": "2035677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035677" }, { "category": "external", "summary": "2036220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036220" }, { "category": "external", "summary": "2036483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036483" }, { "category": "external", "summary": "2036605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036605" }, { "category": "external", "summary": "2037270", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037270" }, { "category": "external", "summary": "2037290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037290" }, { "category": "external", "summary": "2037312", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037312" }, { "category": "external", "summary": "2037421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037421" }, { "category": "external", "summary": "2038679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038679" }, { "category": "external", "summary": "2038825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038825" }, { "category": "external", "summary": "2038831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038831" }, { "category": "external", "summary": "2038985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038985" }, { "category": "external", "summary": "2039196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039196" }, { "category": "external", "summary": "2039208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039208" }, { "category": "external", "summary": "2039489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039489" }, { "category": "external", "summary": "2039683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039683" }, { "category": "external", "summary": "2039686", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039686" }, { "category": "external", "summary": "2039691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039691" }, { "category": "external", "summary": "2040113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040113" }, { "category": "external", "summary": "2040115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040115" }, { "category": "external", "summary": "2041519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041519" }, { "category": "external", "summary": "2041530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041530" }, { "category": "external", "summary": "2042139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042139" }, { "category": "external", "summary": "2042799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042799" }, { "category": "external", "summary": "2042842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042842" }, { "category": "external", "summary": "2042856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042856" }, { "category": "external", "summary": "2042880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042880" }, { "category": "external", "summary": "2042908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042908" }, { "category": "external", "summary": "2044348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044348" }, { "category": "external", "summary": "2044398", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044398" }, { "category": "external", "summary": "2046271", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046271" }, { "category": "external", "summary": "2048227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048227" }, { "category": "external", "summary": "2048275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048275" }, { "category": "external", "summary": "2051105", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051105" }, { "category": "external", "summary": "2051693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051693" }, { "category": "external", "summary": "2051968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051968" }, { "category": "external", "summary": "2052489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052489" }, { "category": "external", "summary": "2053027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053027" }, { "category": "external", "summary": "2058167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058167" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0947.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.10.0 Images security and bug fix update", "tracking": { "current_release_date": "2024-11-13T23:41:53+00:00", "generator": { "date": "2024-11-13T23:41:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2022:0947", "initial_release_date": "2022-03-16T15:45:58+00:00", "revision_history": [ { "date": "2022-03-16T15:45:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-03-16T15:45:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T23:41:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.10 for RHEL 8", "product": { "name": "CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.10.0-110" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.10.0-696" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.10.0-32" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.10.0-32" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.10.0-32" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.10.0-62" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.10.0-133" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.10.0-133" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.10.0-50" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.10.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.10.0-48" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.10.0-49" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "product_id": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.10.0-90" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.10.0-10" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.10.0-217" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.10.0-217" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64", "relates_to_product_reference": "8Base-CNV-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-29923", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1992006" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-29923" }, { "category": "external", "summary": "RHBZ#1992006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923" }, { "category": "external", "summary": "https://sick.codes/sick-2021-016/", "url": "https://sick.codes/sick-2021-016/" } ], "release_date": "2021-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet" }, { "cve": "CVE-2021-33195", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989564" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: lookup functions may return invalid host names", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33195" }, { "category": "external", "summary": "RHBZ#1989564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: lookup functions may return invalid host names" }, { "cve": "CVE-2021-33197", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989570" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33197" }, { "category": "external", "summary": "RHBZ#1989570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-05-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty" }, { "cve": "CVE-2021-33198", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1989575" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", "title": "Vulnerability summary" }, { "category": "other", "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-33198" }, { "category": "external", "summary": "RHBZ#1989575", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198", "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI" } ], "release_date": "2021-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents" }, { "cve": "CVE-2021-34558", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1983596" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-34558" }, { "category": "external", "summary": "RHBZ#1983596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558", "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.15.minor", "url": "https://golang.org/doc/devel/release#go1.15.minor" }, { "category": "external", "summary": "https://golang.org/doc/devel/release#go1.16.minor", "url": "https://golang.org/doc/devel/release#go1.16.minor" } ], "release_date": "2021-07-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic" }, { "cve": "CVE-2021-36221", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2021-08-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1995656" } ], "notes": [ { "category": "description", "text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic", "title": "Vulnerability summary" }, { "category": "other", "text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-36221" }, { "category": "external", "summary": "RHBZ#1995656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk", "url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk" } ], "release_date": "2021-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic" }, { "cve": "CVE-2021-44716", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030801" } ], "notes": [ { "category": "description", "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: limit growth of header canonicalization cache", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44716" }, { "category": "external", "summary": "RHBZ#2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: limit growth of header canonicalization cache" }, { "cve": "CVE-2021-44717", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030806" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error", "title": "Vulnerability summary" }, { "category": "other", "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44717" }, { "category": "external", "summary": "RHBZ#2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-03-16T15:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:0947" }, { "category": "workaround", "details": "This bug can be mitigated by raising the per-process file descriptor limit.", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:946d8c7ac55eed8d4b50feb9bd583e566280084ff76150a7f53314faa2b6ab67_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:21b1cd4fb9a395102e27ad7a291aee6aefdfac4b1524a7110636d0307d68a9c2_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:6a7f96677baedde6282675a7011d5965a07608cd596caaf7967f9a2823fe7d2f_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:62a0b34b90514c743a129270fdc85ed2ecffd6460606176080c6b5b91103f29f_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:35b29e8eb48d9818a1217d5b89e4dcb7a900c5c5e6ae3745683813c5708c86e9_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:f0519da54d7c1ebb8cca73f8222ae9b26bafd7f7bcf62bd84d256a86a6cfe3ab_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:95e2d880c43a8333d9d351f391a0b65b3085fc0236908ab1df2d5aabea6069a8_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:f396b60e29000834bcb4ebfa8ea9a8c67280f7cac080ecbbe7ff4b2e19b5897f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:092b22e2dab463306ccc3a3817046a4e327b6f16b1ce3f3619329436b81047f0_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:4fd8d3c8ced084991de9d21a3ecdf0f512c6702d391ddf2a9817a5430c14a254_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:c2b2dbf742429c80e3c2ac8a7a6844f971e8c16c63b3eb0cc878f306cb04d4cb_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:5e0d2f8647eb83d7b3b22a80b4593eee033b6d1485bd89ae9bc90bfeee953b56_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:70d559676fa416e87062bc07f5415e62d1df8a20d5848992a54e691011a7aa7c_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:344d9a9ba1564278bb4bde072bf65447c42b49fcaf819d7aa905b5adb7eaaa9e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:cb64c3aea1d7d2d00b04cdb1da051f084c6874a5908ec69f50a2a858d710341d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:6060538f9ff00a856ba0f46cedf98c76a171aeea8b81f7f6c7a62326a7ea40b6_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:a000a9d35271501bd20084427b4b6db736ba6b6a23ddfab75a2867dac9a9be84_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:c8fc3c21b74d18c831e5a24d728b9d227feb09661cd2d9d68708880b21efb83e_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:7a55175cbaa7049e32f7238ba6a79e3f893f345011db83139de635e9a9c5ccf0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:54d0c8b98f312b9f1e8e2858cbc0fbb6eb59b85e87a2c84b92e7380965096ead_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:44566f5489fe19a06e370360a85f47dfc9fcd8eed48e3400a8128b505ba7cc9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:b64dcceee917ec5fd626376421f2cd9312157a081b9462f5cf27d616926c2cc0_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:0ef594a814b548b3846062cfe900290b9f93be03d8f09937d540024d47becc60_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:17d12998bd79152a96e82db905897a1dd3b5119141f9fd9b42750f213f99829f_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:2d78cb1eb30b39cb09030811016c016a833b88c55d3f759bdae95bb77ecf384a_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:a5cd7fc7bfd87376f2aad0f044a951f370442adbb463ff7a4c7f856382b11003_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:f30b342abc922126dbc657a20821529249458b27707b18aa4eda26ca37913cdc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:62065ae5ac5c032dcac15ade3e06c51ec3a8d9eca3898adbd7887764613c3fbe_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:19f3cd981dab062e8b3ca5c63a5ebe602e5555d6f4f896abcf109b89814bc3b4_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:12acc4f0ccfb5f171aee6042052da551b2c46f35c99702d512b628c8b59812bc_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:1b0b35d082094c398dd87ac6d9ecc1a0d88f1e9205a476c4447f30a14ca9e80d_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:e843ab661ec7189936c491a230b7fa5de91841bb514542c6e5a4df576e86d7a5_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.