Red Hat Product Errata RHSA-2021:2085 - Security Advisory
Issued:
2021-05-20
Updated:
2021-05-20

RHSA-2021:2085 - Security Advisory

Synopsis

Important: servicemesh security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for servicemesh is now available for OpenShift Service Mesh 1.1.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):

  • istio/istio: authorization bypass when using AUTO_PASSTHROUGH (CVE-2021-31921)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 1.1 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 1.1 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 1.1 for RHEL 8 s390x

Fixes

  • BZ - 1955396 - CVE-2021-31921 istio/istio: authorization bypass when using AUTO_PASSTHROUGH

Red Hat OpenShift Service Mesh 1.1 for RHEL 8

SRPM
servicemesh-1.1.15-4.el8.src.rpm SHA-256: cfd52cf5235d810542513f5c1c732ea74fb3dbe64ab0d4003c3026987faf947f
x86_64
servicemesh-1.1.15-4.el8.x86_64.rpm SHA-256: afdcea2012bc7144b0ad06ec781cc35fb4340944fd15c544a3f8d892f65bc7d9
servicemesh-citadel-1.1.15-4.el8.x86_64.rpm SHA-256: c8424c54a1b5fce4660cccaa0be5db487111692ee33af4b2dedab7628381940e
servicemesh-galley-1.1.15-4.el8.x86_64.rpm SHA-256: 2e734bc17dca24e364c6f0015b4095efce3666057487b4c27d590f0d835019ac
servicemesh-istioctl-1.1.15-4.el8.x86_64.rpm SHA-256: 5908f34179e2e88f4e67f02bcf031972ed7a016e5a501ad626c25ace9336345a
servicemesh-mixc-1.1.15-4.el8.x86_64.rpm SHA-256: c2184f34ad8d69cba01996f7a3e4a4de34d05b82d4f6547a77baaae5f2a46256
servicemesh-mixs-1.1.15-4.el8.x86_64.rpm SHA-256: 781394db1bcb8428a7752a4f768517487bbd84ef1a2492149c1025ac6a3ce72b
servicemesh-pilot-agent-1.1.15-4.el8.x86_64.rpm SHA-256: 9d3a09dc3b313ff2be31fdeb286ca55dd7b9a25f62cc12b896631202b826b798
servicemesh-pilot-discovery-1.1.15-4.el8.x86_64.rpm SHA-256: dec8fa40fd0b4379db7cd83f918ec58fe5de108301cecd86b01cde6fa2bf1308
servicemesh-sidecar-injector-1.1.15-4.el8.x86_64.rpm SHA-256: 6ff7c7755c442b89cbe726190f9eb131c4cee8b9a21eb503a7634241503664a9

Red Hat OpenShift Service Mesh for Power 1.1 for RHEL 8

SRPM
servicemesh-1.1.15-4.el8.src.rpm SHA-256: cfd52cf5235d810542513f5c1c732ea74fb3dbe64ab0d4003c3026987faf947f
ppc64le
servicemesh-1.1.15-4.el8.ppc64le.rpm SHA-256: 243ad31e89f581ba8fde2baee3c6f05dc408e579748b18ec20acdea971c53d43
servicemesh-citadel-1.1.15-4.el8.ppc64le.rpm SHA-256: 839363e4484f3bbebc735b9a618169395fd40a0180fb360d524c28eea2465028
servicemesh-galley-1.1.15-4.el8.ppc64le.rpm SHA-256: 668d19894b9f791ad30925b2aab7d22f5e7eb8af681c45c2ed3dcb02a7f1ef1e
servicemesh-istioctl-1.1.15-4.el8.ppc64le.rpm SHA-256: 50c2382ad35232de328a9223d2c80b006085c9d2885b901d3d3f28dbd9a39c83
servicemesh-mixc-1.1.15-4.el8.ppc64le.rpm SHA-256: c988160e6d213a993ceafbb4e0b38c6d5c28933791a3cfebfc2ffe81a7c4022c
servicemesh-mixs-1.1.15-4.el8.ppc64le.rpm SHA-256: 5fc4881ad04eb765c4714d6c5d86c27265a8631df8d286adb99d477111e12533
servicemesh-pilot-agent-1.1.15-4.el8.ppc64le.rpm SHA-256: d7c39f41f51ff423185ac7418c23c80f5adfa61e46c16d40607bee74a88a673e
servicemesh-pilot-discovery-1.1.15-4.el8.ppc64le.rpm SHA-256: 2945ea40cb03e6bd123e53b58d00a9a16223a8c68f60d81b9ca9bb65e9ed0d80
servicemesh-sidecar-injector-1.1.15-4.el8.ppc64le.rpm SHA-256: 7be55196471a2191ecc0b3f0e8bae2b65dc5d5ad8eac6b0c3c3ef285db6d7e5c

Red Hat OpenShift Service Mesh for IBM Z 1.1 for RHEL 8

SRPM
servicemesh-1.1.15-4.el8.src.rpm SHA-256: cfd52cf5235d810542513f5c1c732ea74fb3dbe64ab0d4003c3026987faf947f
s390x
servicemesh-1.1.15-4.el8.s390x.rpm SHA-256: 450541117108f692fd6735fb3f6f55245372359188538fd97d815e78ab90adb0
servicemesh-citadel-1.1.15-4.el8.s390x.rpm SHA-256: 82ba6a76978fb6bce97f6b526d68dc9cb5a012de458d065cc9acecf78ddd4f8d
servicemesh-galley-1.1.15-4.el8.s390x.rpm SHA-256: 01b9afe211eed5ac22b71394a9a36fa24b060df6b003ab0f07b41af6f749a0bf
servicemesh-istioctl-1.1.15-4.el8.s390x.rpm SHA-256: 8b3848370024bfb6dfa115680daaee766f9a0df044966ddd3144a80ce8874238
servicemesh-mixc-1.1.15-4.el8.s390x.rpm SHA-256: 52edca4928d62767e2b3b23f19839a2a92e24e0f1a674461c338b4799e43579d
servicemesh-mixs-1.1.15-4.el8.s390x.rpm SHA-256: 92d53727e8dd3b39a2e336c894aa556f521a7f9bddc6ec2911f38e5e594abbbb
servicemesh-pilot-agent-1.1.15-4.el8.s390x.rpm SHA-256: 5be2ac29cd10313b4c30ad9a0f806c242a0296a4ef970955a4622f7f1578f3d2
servicemesh-pilot-discovery-1.1.15-4.el8.s390x.rpm SHA-256: cf529b3110dac0974745eed010da78792f59ba354dc130633e46819aa4b80a7f
servicemesh-sidecar-injector-1.1.15-4.el8.s390x.rpm SHA-256: 03c5ac9ff8e4a078afb5e4d10731afdd11d8b6322b18737dadfcb396b7514633

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.