Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Masterminds GoUtils ( CVE-2021-4238 )

Summary Masterminds GoUtils is used by IBM Cloud Pak for Data as part of the platform. CVE-2021-4238. Vulnerability Details CVEID:CVE-2021-4238 DESCRIPTION: Masterminds GoUtils could allow a remote attacker to obtain sensitive information, caused by an issue with randomly-generated alphanumeric...

Insufficient randomness in github.com/Masterminds/goutils

...

RHEL 8 : Red Hat OpenShift Service Mesh 2.1.6 (RHSA-2023:0540)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0540 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.55 security update

Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.31 security and extras update

Red Hat OpenShift Container Platform release 4.11.31 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.28 security update

Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps security update

An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.3 security update

Red Hat OpenShift Container Platform release 4.12.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.11.27 security update

Red Hat OpenShift Container Platform release 4.11.27 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.10.51 security update

Red Hat OpenShift Container Platform release 4.10.51 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.1 security update

Red Hat OpenShift Container Platform release 4.12.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amou...

Insufficient Entropy In Randomly-Generated Alphanumeric Strings

github.com/masterminds/goutils has insufficient entropy In randomly-generated alphanumeric strings. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9 which significantly reduces the amount of entropy in short strings...

CVE-2021-4238

A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amou...

Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references. Original Description Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and...

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...