Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6156
HistoryAug 24, 2022 - 1:44 p.m.

(RHSA-2022:6156) Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

2022-08-2413:44:13
access.redhat.com
57

0.106 Low

EPSS

Percentile

95.1%

JSON

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

  • eventsource: Exposure of Sensitive Information (CVE-2022-1650)

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)

  • nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

  • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

  • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

  • node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery (CVE-2022-24771)

  • node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

  • node-forge: Signature verification leniency in checking DigestInfo structure (CVE-2022-24773)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

  • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

  • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

  • golang: syscall: faccessat checks wrong group (CVE-2022-29526)

  • go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.

Related

redhat 25
ibm 14
oraclelinux 8
nessus 57
openvas 36
osv 13
almalinux 4
rocky 5
amazon 1
debian 2
freebsd 1
mageia 1
fedora 16
suse 3
altlinux 1
rosalinux 1
nvd 1
cve 1
redhatcve 1
debiancve 1
cvelist 1
prion 1
veracode 1
github 1
ubuntucve 1
aix 1
photon 1
redhat
redhat
(RHSA-2022:6024) Moderate: New container image for Red Hat Ceph Storage 5.2 Security update
2022-08-09 20:21:56
(RHSA-2022:5729) Moderate: OpenShift Container Platform 4.10.25 security update
2022-08-01 11:00:16
(RHSA-2022:6184) Important: Self Node Remediation Operator 0.4.1 security update
2022-08-25 05:48:25
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty
2022-08-09 05:46:56
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2023-02-27 17:34:12
Security Bulletin: Node-forge is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
2023-05-08 20:20:36
oraclelinux
oraclelinux
go-toolset:ol8addon security update
2022-06-08 00:00:00
curl security update
2022-06-30 00:00:00
curl security update
2022-06-30 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : golang (EulerOS-SA-2022-1841)
2022-06-15 00:00:00
EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1805)
2022-06-06 00:00:00
AlmaLinux 8 : curl (5313) (ALSA-2022:5313)
2022-07-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1788)
2022-06-07 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1805)
2022-06-07 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1841)
2022-06-16 00:00:00
osv
osv
Moderate: curl security update
2022-06-30 00:00:00
Moderate: curl security update
2022-06-28 10:52:02
golang-1.7 - security update
2022-04-28 00:00:00
almalinux
almalinux
Moderate: curl security update
2022-06-30 00:00:00
Moderate: vim security update
2022-08-03 00:00:00
Moderate: vim security update
2022-08-09 00:00:00
rocky
rocky
curl security update
2022-06-28 10:52:02
go-toolset:rhel8 security and bug fix update
2022-06-28 10:54:21
vim security update
2022-08-02 06:59:03
amazon
amazon
Medium: golang
2023-02-15 00:23:00
debian
debian
[SECURITY] [DLA 2986-1] golang-1.8 security update
2022-04-28 09:57:43
[SECURITY] [DLA 2985-1] golang-1.7 security update
2022-04-28 09:57:28
freebsd
freebsd
go -- multiple vulnerabilities
2022-02-10 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-03-08 02:10:22
fedora
fedora
[SECURITY] Fedora 34 Update: curl-7.76.1-16.fc34
2022-05-24 01:41:08
[SECURITY] Fedora 35 Update: curl-7.79.1-4.fc35
2022-05-18 01:11:50
[SECURITY] Fedora 35 Update: direnv-2.32.1-2.fc35
2022-07-17 01:15:13
suse
suse
Security update for go1.16 (important)
2022-03-04 00:00:00
Security update for go1.17 (important)
2022-03-04 00:00:00
Security update for openssl-1_1 (important)
2022-07-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.7-alt1
2022-02-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2220
2023-08-22 13:18:19
nvd
nvd
CVE-2021-23440
2021-09-12 13:15:07
cve
cve
CVE-2021-23440
2021-09-12 13:15:07
redhatcve
redhatcve
CVE-2021-23440
2021-09-16 15:05:30
debiancve
debiancve
CVE-2021-23440
2021-09-12 13:15:07
cvelist
cvelist
CVE-2021-23440 Prototype Pollution
2021-09-12 00:00:00
prion
prion
Type confusion
2021-09-12 13:15:00
veracode
veracode
Prototype Pollution
2021-09-13 06:49:21
github
github
Prototype Pollution in set-value
2021-09-13 20:09:36
ubuntucve
ubuntucve
CVE-2021-23440
2021-09-12 00:00:00
aix
aix
AIX is vulnerable to arbitrary command execution due to OpenSSL
2022-08-17 16:39:03
photon
photon
Critical Photon OS Security Update - PHSA-2022-0159
2022-03-02 00:00:00

0.106 Low

EPSS

Percentile

95.1%

JSON
Related for RHSA-2022:6156
redhat25ibm14oraclelinux8nessus57openvas36osv13almalinux4rocky5amazon1debian2freebsd1mageia1fedora16suse3altlinux1rosalinux1nvd1cve1redhatcve1debiancve1cvelist1prion1veracode1github1ubuntucve1aix1photon1