(RHSA-2021:1324) Important: Red Hat OpenShift Service Mesh 2.0.3 security update

2021-04-2208:29:12

access.redhat.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.7%

JSON

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

envoyproxy/envoy: integer overflow handling large grpc-timeouts (CVE-2021-28682)
envoyproxy/envoy: NULL pointer dereference in TLS alert code handling (CVE-2021-28683)
envoyproxy/envoy: crash with empty HTTP/2 metadata map (CVE-2021-29258)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64servicemesh-proxy< 2.0.3-1.el8servicemesh-proxy-2.0.3-1.el8.x86_64.rpm
RedHat8s390xservicemesh-proxy< 2.0.3-1.el8servicemesh-proxy-2.0.3-1.el8.s390x.rpm
RedHat8ppc64leservicemesh-proxy< 2.0.3-1.el8servicemesh-proxy-2.0.3-1.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	servicemesh-proxy	< 2.0.3-1.el8	servicemesh-proxy-2.0.3-1.el8.x86_64.rpm
RedHat	8	s390x	servicemesh-proxy	< 2.0.3-1.el8	servicemesh-proxy-2.0.3-1.el8.s390x.rpm
RedHat	8	ppc64le	servicemesh-proxy	< 2.0.3-1.el8	servicemesh-proxy-2.0.3-1.el8.ppc64le.rpm