Red Hat Product Errata RHSA-2021:1322 - Security Advisory

Issued: 2021-04-22
Updated: 2021-04-22


Synopsis

Important: Red Hat OpenShift Service Mesh 1.1.13 security update

Type/Severity

Security Advisory: Important


Topic

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

  • envoyproxy/envoy: integer overflow handling large grpc-timeouts (CVE-2021-28682)
  • envoyproxy/envoy: NULL pointer dereference in TLS alert code handling (CVE-2021-28683)
  • envoyproxy/envoy: crash with empty HTTP/2 metadata map (CVE-2021-29258)
  • istio-pilot: requests to debug api can result in panic (CVE-2019-25014)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 1.1 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 1.1 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 1.1 for RHEL 8 s390x

Fixes

  • BZ - 1919066 - CVE-2019-25014 istio-pilot: requests to debug api can result in panic
  • BZ - 1942263 - CVE-2021-28683 envoyproxy/envoy: NULL pointer dereference in TLS alert code handling
  • BZ - 1942272 - CVE-2021-28682 envoyproxy/envoy: integer overflow handling large grpc-timeouts
  • BZ - 1942280 - CVE-2021-29258 envoyproxy/envoy: crash with empty HTTP/2 metadata map

CVEs

  • CVE-2019-25014
  • CVE-2021-28682
  • CVE-2021-28683
  • CVE-2021-29258

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat OpenShift Service Mesh 1.1 for RHEL 8

SRPM
servicemesh-1.1.13-3.el8.src.rpm SHA-256: ca5868b6a1e86a777841b1208052c3ef14e4370c135e7da0b918ab7a756169c7
servicemesh-proxy-1.1.13-1.el8.src.rpm SHA-256: 084c72996169d16df8a4328c2f82a49b814ef1151b77839683562e5022e6dbbe
x86_64
servicemesh-1.1.13-3.el8.x86_64.rpm SHA-256: 6d7a4e0eddbd11f260db37b4cf7f937fed7dd6906353dc087d36ececd5c62bb5
servicemesh-citadel-1.1.13-3.el8.x86_64.rpm SHA-256: 3d74be31bb4ecf8fb41251baf4150dc4023fe17f1be1f3d661030e2dc2795013
servicemesh-galley-1.1.13-3.el8.x86_64.rpm SHA-256: bced70b0f52e9921b59430dca5b4a0f8e37ca167cec4b50f03da7434ed221631
servicemesh-istioctl-1.1.13-3.el8.x86_64.rpm SHA-256: 37a53ae4a0499da61a9abc7289390b9657a39b47518a96b793e5a0dfe932063a
servicemesh-mixc-1.1.13-3.el8.x86_64.rpm SHA-256: 81df5453a775fb6dd0419e64f16c9ab5318acf9f28e22c3db2b7e0b93468942d
servicemesh-mixs-1.1.13-3.el8.x86_64.rpm SHA-256: 2202ea7ab703949c2a16b309708efb84fe43292a8a87687f5dddacfa989f2718
servicemesh-pilot-agent-1.1.13-3.el8.x86_64.rpm SHA-256: f4c4ccf2aa0d2e20bed00193ed518b8f3def9988afcbc7a58e47f2ca22e70fbf
servicemesh-pilot-discovery-1.1.13-3.el8.x86_64.rpm SHA-256: 40452182850cd660c5a93ee1dcd55fb0c364a76977ba1329ffc4ed0bd9695c81
servicemesh-proxy-1.1.13-1.el8.x86_64.rpm SHA-256: c85e14b273a3357f979393c653cc46db5f0df174a9f332ff7aaf25d5596455e8
servicemesh-sidecar-injector-1.1.13-3.el8.x86_64.rpm SHA-256: 3234bb2c2586c94924eb1d0abdeb65802e8be95585254cfc8434b2890705f389

Red Hat OpenShift Service Mesh for Power 1.1 for RHEL 8

SRPM
servicemesh-1.1.13-3.el8.src.rpm SHA-256: ca5868b6a1e86a777841b1208052c3ef14e4370c135e7da0b918ab7a756169c7
servicemesh-proxy-1.1.13-1.el8.src.rpm SHA-256: 084c72996169d16df8a4328c2f82a49b814ef1151b77839683562e5022e6dbbe
ppc64le
servicemesh-1.1.13-3.el8.ppc64le.rpm SHA-256: 080f9b306b96b2a40657eb0f31bbca33bdb1fddfc7e1613089127de2562a266f
servicemesh-citadel-1.1.13-3.el8.ppc64le.rpm SHA-256: 7c3d654315ff69e1bde6e444b2a8111271b77b6a21620e0edf5302bf8deb4c2d
servicemesh-galley-1.1.13-3.el8.ppc64le.rpm SHA-256: 2fb39f2c77bcce5b6f5e86b6114cb2196a6b34fe29d937c6088d7a3a247fb8cb
servicemesh-istioctl-1.1.13-3.el8.ppc64le.rpm SHA-256: 52c95d8b70a3a26424ec39ba7365f7298e1efcefc990eeeebfba7da196e192bf
servicemesh-mixc-1.1.13-3.el8.ppc64le.rpm SHA-256: 5ba84c495350774499371991e2487a6b90eb7b6252addf81a6f64f67b2b167f8
servicemesh-mixs-1.1.13-3.el8.ppc64le.rpm SHA-256: b98ac2e55e936610a49b784306d4bbd89e33cb29de1cd7c846e5457cb2d6b58d
servicemesh-pilot-agent-1.1.13-3.el8.ppc64le.rpm SHA-256: 893321e3804b2858b1aa9a142a6f1161d0a67866c936b7765b09099901f33221
servicemesh-pilot-discovery-1.1.13-3.el8.ppc64le.rpm SHA-256: ed1523689fc1ba1f9f3dbd64e47dcaf1ddb0d7c04b587939907fcd6d82ac8475
servicemesh-proxy-1.1.13-1.el8.ppc64le.rpm SHA-256: 915808f98e1688510883abf64db6784d0df645292d5e726a4107c2811b818f70
servicemesh-sidecar-injector-1.1.13-3.el8.ppc64le.rpm SHA-256: 89e1279990e8d1bc9eb6ef8a8894e2d60aa5c28406345c40506b213f60e85d12

Red Hat OpenShift Service Mesh for IBM Z 1.1 for RHEL 8

SRPM
servicemesh-1.1.13-3.el8.src.rpm SHA-256: ca5868b6a1e86a777841b1208052c3ef14e4370c135e7da0b918ab7a756169c7
servicemesh-proxy-1.1.13-1.el8.src.rpm SHA-256: 084c72996169d16df8a4328c2f82a49b814ef1151b77839683562e5022e6dbbe
s390x
servicemesh-1.1.13-3.el8.s390x.rpm SHA-256: 700f9deb6f05c690f42f2839feb7359b8b88e157c9c4422273c8906efe832271
servicemesh-citadel-1.1.13-3.el8.s390x.rpm SHA-256: c65dd2050fbd8507716fd6e01028104b3d5a6dcdabb6cce1f3ff2704f4c21de5
servicemesh-galley-1.1.13-3.el8.s390x.rpm SHA-256: fbbac5f93d90323aebf5372ebff01041e4b4c4d8638be6822f3eaf80d728074f
servicemesh-istioctl-1.1.13-3.el8.s390x.rpm SHA-256: 17a00d3fd9cea87241f3f18dd04b60c341cae36e9920af556a341a261b2bce2e
servicemesh-mixc-1.1.13-3.el8.s390x.rpm SHA-256: 390cd1a8467fd48a8404e73c6cebb6f30fd31b536b6e0c54ce1d0b1fba9f79ec
servicemesh-mixs-1.1.13-3.el8.s390x.rpm SHA-256: 30a36b3fb15f27b758c389c9557e34fe8f05e8bd28ea26907997fa6b7c2c7b81
servicemesh-pilot-agent-1.1.13-3.el8.s390x.rpm SHA-256: afb722c31d308677d4165b7dabbae0428073a4d9bc1f3ee324bb9333a3982bf9
servicemesh-pilot-discovery-1.1.13-3.el8.s390x.rpm SHA-256: 6163aad44b311e442a3112260fb4c959f6654bde66b66522275b68a6afb3bd19
servicemesh-proxy-1.1.13-1.el8.s390x.rpm SHA-256: 3d7bf37bfedbd466e30bcaec5f4c9b250dad4bde556580d10ea11468e30bff67
servicemesh-sidecar-injector-1.1.13-3.el8.s390x.rpm SHA-256: 6782737dcf643d5f1aed3208135ee1ab183674294eaf33b26e991fef346484f7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
