RHSA-2023:0540: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.6 security update
Red Hat OpenShift Service Mesh 2.1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Issued:
2023-01-30
Updated:
2023-01-30
RHSA-2023:0540 - Security Advisory
Synopsis
Important: Red Hat OpenShift Service Mesh 2.1.6 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Service Mesh 2.1.6
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
- goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenShift Service Mesh 2.1 for RHEL 8 x86_64
- Red Hat OpenShift Service Mesh for Power 2.1 for RHEL 8 ppc64le
- Red Hat OpenShift Service Mesh for IBM Z 2.1 for RHEL 8 s390x
Fixes
- BZ - 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
- OSSM-2440 - RPM Release for Maistra 2.1.6
Red Hat OpenShift Service Mesh 2.1 for RHEL 8
SRPM
servicemesh-2.1.6-1.el8.src.rpm
servicemesh-operator-2.1.6-1.el8.src.rpm
servicemesh-prometheus-2.23.0-10.el8.src.rpm
servicemesh-proxy-2.1.6-1.el8.src.rpm
servicemesh-ratelimit-2.1.6-1.el8.src.rpm
x86_64
servicemesh-2.1.6-1.el8.x86_64.rpm
servicemesh-cni-2.1.6-1.el8.x86_64.rpm
servicemesh-operator-2.1.6-1.el8.x86_64.rpm
servicemesh-pilot-agent-2.1.6-1.el8.x86_64.rpm
servicemesh-pilot-discovery-2.1.6-1.el8.x86_64.rpm
servicemesh-prometheus-2.23.0-10.el8.x86_64.rpm
servicemesh-proxy-2.1.6-1.el8.x86_64.rpm
servicemesh-proxy-debuginfo-2.1.6-1.el8.x86_64.rpm
servicemesh-proxy-debugsource-2.1.6-1.el8.x86_64.rpm
servicemesh-proxy-wasm-2.1.6-1.el8.noarch.rpm
servicemesh-ratelimit-2.1.6-1.el8.x86_64.rpm
Red Hat OpenShift Service Mesh for Power 2.1 for RHEL 8
SRPM
servicemesh-2.1.6-1.el8.src.rpm
servicemesh-operator-2.1.6-1.el8.src.rpm
servicemesh-prometheus-2.23.0-10.el8.src.rpm
servicemesh-proxy-2.1.6-1.el8.src.rpm
servicemesh-ratelimit-2.1.6-1.el8.src.rpm
ppc64le
servicemesh-2.1.6-1.el8.ppc64le.rpm
servicemesh-cni-2.1.6-1.el8.ppc64le.rpm
servicemesh-operator-2.1.6-1.el8.ppc64le.rpm
servicemesh-pilot-agent-2.1.6-1.el8.ppc64le.rpm
servicemesh-pilot-discovery-2.1.6-1.el8.ppc64le.rpm
servicemesh-prometheus-2.23.0-10.el8.ppc64le.rpm
servicemesh-proxy-2.1.6-1.el8.ppc64le.rpm
servicemesh-proxy-debuginfo-2.1.6-1.el8.ppc64le.rpm
servicemesh-proxy-debugsource-2.1.6-1.el8.ppc64le.rpm
servicemesh-proxy-wasm-2.1.6-1.el8.noarch.rpm
servicemesh-ratelimit-2.1.6-1.el8.ppc64le.rpm
Red Hat OpenShift Service Mesh for IBM Z 2.1 for RHEL 8
SRPM
servicemesh-2.1.6-1.el8.src.rpm
servicemesh-operator-2.1.6-1.el8.src.rpm
servicemesh-prometheus-2.23.0-10.el8.src.rpm
servicemesh-proxy-2.1.6-1.el8.src.rpm
servicemesh-ratelimit-2.1.6-1.el8.src.rpm
s390x
servicemesh-2.1.6-1.el8.s390x.rpm
servicemesh-cni-2.1.6-1.el8.s390x.rpm
servicemesh-operator-2.1.6-1.el8.s390x.rpm
servicemesh-pilot-agent-2.1.6-1.el8.s390x.rpm
servicemesh-pilot-discovery-2.1.6-1.el8.s390x.rpm
servicemesh-prometheus-2.23.0-10.el8.s390x.rpm
servicemesh-proxy-2.1.6-1.el8.s390x.rpm
servicemesh-proxy-debuginfo-2.1.6-1.el8.s390x.rpm
servicemesh-proxy-debugsource-2.1.6-1.el8.s390x.rpm
servicemesh-proxy-wasm-2.1.6-1.el8.noarch.rpm
servicemesh-ratelimit-2.1.6-1.el8.s390x.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
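The size of that entropy loss for short strings, worked through as an added example (this is not goutils code and not Red Hat's fix). `EntropyBits`, `SecureAlphaNumeric` and `DigitFreeFraction` are hypothetical names, and the forced-digit figure assumes the constrained output is uniform over all strings holding at least one digit, so it is an upper bound on what the flawed functions can deliver.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"strings"
)

// 62-symbol alphanumeric alphabet: 52 letters followed by 10 digits.
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
const digits = "0123456789"

// EntropyBits returns log2 of the number of possible strings of length n
// (n >= 1). With forceDigit, only strings holding at least one digit are
// counted: 62^n - 52^n. Assumption: output is uniform over that set.
func EntropyBits(n int, forceDigit bool) float64 {
	bits := float64(n) * math.Log2(float64(len(alphabet)))
	if forceDigit {
		letters := float64(len(alphabet) - len(digits))
		digitFree := math.Pow(letters/float64(len(alphabet)), float64(n))
		// log2(62^n - 52^n) = n*log2(62) + log2(1 - (52/62)^n)
		bits += math.Log1p(-digitFree) / math.Ln2
	}
	return bits
}

// SecureAlphaNumeric draws n symbols uniformly from the alphabet using
// crypto/rand. Bytes >= 248 are rejected so that b % 62 carries no modulo
// bias, and no character class is forced into the result.
func SecureAlphaNumeric(n int) (string, error) {
	if n < 0 {
		return "", fmt.Errorf("negative length %d", n)
	}
	const limit = 256 - 256%len(alphabet) // 248 = 4 * 62
	out := make([]byte, 0, n)
	buf := make([]byte, 16)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		for _, b := range buf {
			if int(b) < limit && len(out) < n {
				out = append(out, alphabet[int(b)%len(alphabet)])
			}
		}
	}
	return string(out), nil
}

// DigitFreeFraction samples SecureAlphaNumeric and reports the share of
// strings with no digit. An unconstrained generator gives about (52/62)^n;
// a generator with the flaw described above would give 0.
func DigitFreeFraction(samples, n int) (float64, error) {
	free := 0
	for i := 0; i < samples; i++ {
		s, err := SecureAlphaNumeric(n)
		if err != nil {
			return 0, err
		}
		if !strings.ContainsAny(s, digits) {
			free++
		}
	}
	return float64(free) / float64(samples), nil
}

func main() {
	fmt.Println("len  uniform  forced-digit  loss (bits)")
	for _, n := range []int{1, 2, 4, 8, 16} {
		u, f := EntropyBits(n, false), EntropyBits(n, true)
		fmt.Printf("%3d  %7.2f  %12.2f  %5.2f\n", n, u, f, u-f)
	}
	if frac, err := DigitFreeFraction(2000, 4); err == nil {
		fmt.Printf("digit-free share at length 4: %.3f\n", frac)
	}
}
```

The loss is largest at length 1, where only the ten digits remain possible, and shrinks as the string grows, which is why the advisory text singles out short strings.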