Red Hat Product Errata RHSA-2019:4222 - Security Advisory
Issued: 2019-12-11
Updated: 2019-12-11


Synopsis

Critical: Red Hat OpenShift Service Mesh 1.0.3 RPMs security update

Type/Severity

Security Advisory: Critical


Topic

Red Hat OpenShift Service Mesh 1.0.3.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premises OpenShift Container Platform deployment.

This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.3 release.

Security Fix(es):

  • An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1 (CVE-2019-18801)
  • Malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure (CVE-2019-18802)
  • Malformed HTTP request without the Host header may cause abnormal termination of the Envoy process (CVE-2019-18838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

The OpenShift Service Mesh release notes provide information on the features and known issues:

https://docs.openshift.com/container-platform/4.2/service_mesh/servicemesh-release-notes.html

Affected Products

  • Red Hat OpenShift Service Mesh 1.0 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh 1.0 for RHEL 7 x86_64
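One way to confirm that an affected host actually carries this fix, as an added example (not Red Hat's code): it reimplements rpm's version ordering in Python and compares installed NVRs against the fixed servicemesh-proxy build shipped in this advisory. It assumes that servicemesh-proxy is the RPM carrying Envoy and that the package has no epoch; the installed NVRs are constructed sample input.

```python
import re

# Fixed build shipped by RHSA-2019:4222 for the Envoy-based proxy package
# (assumption: servicemesh-proxy is the RPM carrying Envoy, and it has no epoch).
FIXED_NVR = "servicemesh-proxy-1.0.3-1.el8"

# Constructed sample of installed NVRs, in the form `rpm -q servicemesh-proxy` prints.
SAMPLE_INSTALLED = [
    "servicemesh-proxy-1.0.2-3.el8",    # older version: still vulnerable
    "servicemesh-proxy-1.0.3-0.1.el8",  # pre-release build of 1.0.3: still vulnerable
    "servicemesh-proxy-1.0.3-1.el8",    # exactly the fixed build
    "servicemesh-proxy-1.0.10-1.el8",   # later build: 10 > 3 numerically, not lexically
]

def _segments(s):
    # rpm splits a version into runs of digits and runs of letters; separators are ignored.
    # Simplification: the '~' (pre-release) and '^' (post-release) markers are not handled.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    # Return -1, 0 or 1 following rpm's segment-wise version comparison.
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alpha one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments means newer

def parse_nvr(nvr):
    # "servicemesh-proxy-1.0.3-1.el8" -> ("servicemesh-proxy", "1.0.3", "1.el8")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_patched(installed_nvr, fixed_nvr=FIXED_NVR):
    # True if the installed build is at or above the advisory's fixed build.
    n_i, v_i, r_i = parse_nvr(installed_nvr)
    n_f, v_f, r_f = parse_nvr(fixed_nvr)
    if n_i != n_f:
        raise ValueError(f"package mismatch: {n_i} vs {n_f}")
    # Version decides first; release only breaks a tie (epoch assumed 0 on both sides).
    return (rpmvercmp(v_i, v_f) or rpmvercmp(r_i, r_f)) >= 0

def audit(installed=SAMPLE_INSTALLED):
    # Map each installed NVR to whether it carries the RHSA-2019:4222 fix.
    return {nvr: is_patched(nvr) for nvr in installed}
```

Feed `audit()` the output of `rpm -q servicemesh-proxy` from each node to get a per-host verdict; a plain string comparison would wrongly rank 1.0.10 below 1.0.3.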

Fixes

  • BZ - 1773444 - CVE-2019-18801 envoy: an untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1
  • BZ - 1773447 - CVE-2019-18802 envoy: malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure
  • BZ - 1773449 - CVE-2019-18838 envoy: malformed HTTP request without the Host header may cause abnormal termination of the Envoy process

CVEs

  • CVE-2019-18801
  • CVE-2019-18802
  • CVE-2019-18838

References

  • https://access.redhat.com/security/updates/classification/#critical
Note: More recent versions of these packages may be available. Click a package name for more details.


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
