Lucene search

K
redhatRedHatRHSA-2022:0318
HistoryJan 27, 2022 - 4:46 p.m.

(RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update

2022-01-2716:46:55
access.redhat.com
50
rhsa-2022:0318
red hat openshift
distributed tracing
golang
security update
cve-2021-29923
cve-2021-36221

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.7%

Release of Red Hat OpenShift distributed Tracing provides these changes:

Security Fix(es):

  • golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

  • golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The Red Hat OpenShift distributed tracing release notes provide information on
the features and known issues:

https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.7%