rhsa-2022_7058
Vulnerability from csaf_redhat
Published
2022-10-19 22:19
Modified
2024-12-17 22:04
Summary
Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Notes

Topic
OpenShift sandboxed containers 1.3.1 is now available.
Details
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift sandboxed containers 1.3.1 is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime.\n\nThis advisory contains an update for OpenShift sandboxed containers with  security fixes and a bug fix.\n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. See the following Release Notes documentation,\nwhich will be updated shortly for this release, for details about these\nchanges:\n\nhttps://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:7058",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "external",
        "summary": "2107386",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
      },
      {
        "category": "external",
        "summary": "2118556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
      },
      {
        "category": "external",
        "summary": "KATA-1754",
        "url": "https://issues.redhat.com/browse/KATA-1754"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7058.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
    "tracking": {
      "current_release_date": "2024-12-17T22:04:00+00:00",
      "generator": {
        "date": "2024-12-17T22:04:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2022:7058",
      "initial_release_date": "2022-10-19T22:19:53+00:00",
      "revision_history": [
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-10-19T22:19:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T22:04:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Sandboxed Containers 1.3",
                "product": {
                  "name": "OpenShift Sandboxed Containers 1.3",
                  "product_id": "8Base-OSE-OSC-1.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1.3.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel8\u0026tag=1.3.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel8\u0026tag=1.3.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle\u0026tag=1.3.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                "product": {
                  "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_id": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers/osc-rhel8-operator\u0026tag=1.3.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64 as a component of OpenShift Sandboxed Containers 1.3",
          "product_id": "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        },
        "product_reference": "openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64",
        "relates_to_product_reference": "8Base-OSE-OSC-1.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "sangjun"
          ]
        }
      ],
      "cve": "CVE-2022-2832",
      "cwe": {
        "id": "CWE-395",
        "name": "Use of NullPointerException Catch to Detect NULL Pointer Dereference"
      },
      "discovery_date": "2022-08-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2118556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "blender: Null pointer reference in blender thumbnail extractor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2118556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-2832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2832"
        }
      ],
      "release_date": "2022-08-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "blender: Null pointer reference in blender thumbnail extractor"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, it is marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang) ships the vulnerable code and is affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-30632",
      "cwe": {
        "id": "CWE-1325",
        "name": "Improperly Controlled Sequential Memory Allocation"
      },
      "discovery_date": "2022-07-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2107386"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: path/filepath: stack exhaustion in Glob",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
          "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "RHBZ#2107386",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/53416",
          "url": "https://go.dev/issue/53416"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
          "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
        }
      ],
      "release_date": "2022-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T22:19:53+00:00",
          "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html",
          "product_ids": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:7058"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-monitor-rhel8@sha256:4030d96a383f9d20de9e66ee6f6beb7e400f5640d1e5913888fe4bb4a11839e7_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-must-gather-rhel8@sha256:b3192b8464c1aa320872ba00adcfbd6ef1f0e2e579b1d74baec771b8e21d9a5c_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-operator-bundle@sha256:7ca09fa0c33ec0ebec22fd83e636f9f9f5ff93ae98d449de3df6222978cfda77_amd64",
            "8Base-OSE-OSC-1.3:openshift-sandboxed-containers/osc-rhel8-operator@sha256:ce0e4f415f165f5f65c72e3a499c6922a2d88e6c3d2960b007744e3bbbe2e78b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: path/filepath: stack exhaustion in Glob"
    }
  ]
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.