Red Hat Product Errata RHSA-2022:5004 - Security Advisory
Issued: 2022-06-13
Updated: 2022-06-13


Synopsis

Critical: Red Hat OpenShift Service Mesh 2.1.3 security update

Type/Severity

Security Advisory: Critical

Topic

Red Hat OpenShift Service Mesh 2.1.3 has been released.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation on an on-premises OpenShift Container Platform.

This advisory covers the RPM packages for the release.

Security Fix(es):

  • envoy: oauth filter allows trivial bypass (CVE-2022-29226)
  • envoy: Decompressors can be zip bombed (CVE-2022-29225)
  • envoy: oauth filter calls continueDecoding() from within decodeHeaders() (CVE-2022-29228)
  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
  • golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
  • envoy: Segfault in GrpcHealthCheckerImpl (CVE-2022-29224)
  • Istio: Unsafe memory access in metadata exchange (CVE-2022-31045)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page listed in the References section.

Solution

The OpenShift Service Mesh Release Notes provide information on the features and known issues. See the link in the References section.

Affected Products

  • Red Hat OpenShift Service Mesh 2.1 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2.1 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2.1 for RHEL 8 s390x

Fixes

  • BZ - 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
  • BZ - 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
  • BZ - 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
  • BZ - 2088737 - CVE-2022-29225 envoy: Decompressors can be zip bombed
  • BZ - 2088738 - CVE-2022-29224 envoy: Segfault in GrpcHealthCheckerImpl
  • BZ - 2088739 - CVE-2022-29226 envoy: oauth filter allows trivial bypass
  • BZ - 2088740 - CVE-2022-29228 envoy: oauth filter calls continueDecoding() from within decodeHeaders()
  • BZ - 2088819 - CVE-2022-31045 Istio: Unsafe memory access in metadata exchange
  • OSSM-1614 - RPM Release for Maistra 2.1.3
  • OSSM-1107 - Take jwksResolverExtraRootCA out of TechPreview

CVEs

  • CVE-2022-23772
  • CVE-2022-23773
  • CVE-2022-23806
  • CVE-2022-29224
  • CVE-2022-29225
  • CVE-2022-29226
  • CVE-2022-29228
  • CVE-2022-31045

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Service Mesh 2.1 for RHEL 8

SRPM
servicemesh-2.1.3-1.el8.src.rpm SHA-256: 0c4b63fafeaf8b67b10f47a54f8d371aec3d4eddc7ea93dbfb0812c5de0b2edd
servicemesh-operator-2.1.3-2.el8.src.rpm SHA-256: 1901f7c8213744d904b9b83e254d30be5049dcd16df69fbb429709ec2ede1080
servicemesh-prometheus-2.23.0-7.el8.src.rpm SHA-256: 494340a7de0f1cd72b5f06f1a922ad32330dc9e92c08d7deb7773301ad29613e
servicemesh-proxy-2.1.3-1.el8.src.rpm SHA-256: 128de98ad0ef7b62bf41325f498d9197ef4273fc348dd4d856c32b1efcfb258d
servicemesh-ratelimit-2.1.3-1.el8.src.rpm SHA-256: c1c42c6da327083cf71222a9569da37c2525fcb8d65d34c6779f3face14de6d9
x86_64
servicemesh-2.1.3-1.el8.x86_64.rpm SHA-256: 407407238296132a34567b97dbb4bf0954b70e37ec74c97e10930c65746299fc
servicemesh-cni-2.1.3-1.el8.x86_64.rpm SHA-256: 5c614967ece2f9bcafcba0042d07cfbe5fcb2b76763061d82597854547a3ab3e
servicemesh-operator-2.1.3-2.el8.x86_64.rpm SHA-256: e94ca9a24a79c1ca4e5cd4e72f5c8fd236c70185b0eaf6633855ea922accf66b
servicemesh-pilot-agent-2.1.3-1.el8.x86_64.rpm SHA-256: 79425e4e1ae410f1aace871abd0cb2ae3efd97932b54447f51b7a6f46d7e8f4b
servicemesh-pilot-discovery-2.1.3-1.el8.x86_64.rpm SHA-256: 2c449158411bc43c1c2d2b8273a869bd8fffd24116eaeb5d87a6110777567d86
servicemesh-prometheus-2.23.0-7.el8.x86_64.rpm SHA-256: 3ed4d703048cd931be1252a1974e6c139ac9620d3bd82ae45fb3f774d3761dac
servicemesh-proxy-2.1.3-1.el8.x86_64.rpm SHA-256: 28277d01d19eba167527aa3cd6fde009a70d8c5cad8bc7338548028113741e49
servicemesh-proxy-debuginfo-2.1.3-1.el8.x86_64.rpm SHA-256: bb360eb60e9acb1aa5a8d1566529b98bf06fe57a10d3db86df19e4199913b9fb
servicemesh-proxy-debugsource-2.1.3-1.el8.x86_64.rpm SHA-256: 80a0254ae0a4b3f7e16232aacfe9cb0f204f8a53c0eef611859fbaf80b60b33e
servicemesh-proxy-wasm-2.1.3-1.el8.noarch.rpm SHA-256: d2b44332df9e54ffd575f0adb27363d40347a811e1d6ea50377f858828204419
servicemesh-ratelimit-2.1.3-1.el8.x86_64.rpm SHA-256: 331eabdb905200acbbd7b7258151f7ce24bb89db2a02737f7e01de05b22d045a

Red Hat OpenShift Service Mesh for Power 2.1 for RHEL 8

SRPM
servicemesh-2.1.3-1.el8.src.rpm SHA-256: 0c4b63fafeaf8b67b10f47a54f8d371aec3d4eddc7ea93dbfb0812c5de0b2edd
servicemesh-operator-2.1.3-2.el8.src.rpm SHA-256: 1901f7c8213744d904b9b83e254d30be5049dcd16df69fbb429709ec2ede1080
servicemesh-prometheus-2.23.0-7.el8.src.rpm SHA-256: 494340a7de0f1cd72b5f06f1a922ad32330dc9e92c08d7deb7773301ad29613e
servicemesh-proxy-2.1.3-1.el8.src.rpm SHA-256: 128de98ad0ef7b62bf41325f498d9197ef4273fc348dd4d856c32b1efcfb258d
servicemesh-ratelimit-2.1.3-1.el8.src.rpm SHA-256: c1c42c6da327083cf71222a9569da37c2525fcb8d65d34c6779f3face14de6d9
ppc64le
servicemesh-2.1.3-1.el8.ppc64le.rpm SHA-256: 16b6704d3d3358d7238ec841b34e2df0751345b49e84ea628d7052d03a9419e0
servicemesh-cni-2.1.3-1.el8.ppc64le.rpm SHA-256: ef6e0686061e1f69516f124c55c28263fe5f25f9decd46a77ac91af8bea02fd2
servicemesh-operator-2.1.3-2.el8.ppc64le.rpm SHA-256: d175bf8301802d0a55ec262ff085c5043b145eeacadd38c21c8f3a6b91a7fa99
servicemesh-pilot-agent-2.1.3-1.el8.ppc64le.rpm SHA-256: c05a91e059607e55b534fcd2118a9b9d8ba90f632cc42d816ebb20659246ae04
servicemesh-pilot-discovery-2.1.3-1.el8.ppc64le.rpm SHA-256: 88db2feacbc956a4d1fb3b6f74ab1533c3659e263261d2aa34940fa8f05b25f8
servicemesh-prometheus-2.23.0-7.el8.ppc64le.rpm SHA-256: e65286dacd9b50f636006f011799cb086cea3d7f85231b8ac14bb726fbecd62f
servicemesh-proxy-2.1.3-1.el8.ppc64le.rpm SHA-256: aec4559e8aca553aba8e7e6ad24c62481023a4fd18f4e627facfaa1e956ae2f5
servicemesh-proxy-debuginfo-2.1.3-1.el8.ppc64le.rpm SHA-256: 7bd748d4e9e83d4733b98aa4830d769e0f24285190c4a534d7d68a1f92b22ae1
servicemesh-proxy-debugsource-2.1.3-1.el8.ppc64le.rpm SHA-256: 8f3497312439ca52972c61ca5e7c8d5eee4900d40d4b27efcfe7c5c2d352ff7a
servicemesh-proxy-wasm-2.1.3-1.el8.noarch.rpm SHA-256: d2b44332df9e54ffd575f0adb27363d40347a811e1d6ea50377f858828204419
servicemesh-ratelimit-2.1.3-1.el8.ppc64le.rpm SHA-256: 54c5e071871fe48f0a82a8c68414d6cebb22b3f03c5f148894c98d84209d2b92

Red Hat OpenShift Service Mesh for IBM Z 2.1 for RHEL 8

SRPM
servicemesh-2.1.3-1.el8.src.rpm SHA-256: 0c4b63fafeaf8b67b10f47a54f8d371aec3d4eddc7ea93dbfb0812c5de0b2edd
servicemesh-operator-2.1.3-2.el8.src.rpm SHA-256: 1901f7c8213744d904b9b83e254d30be5049dcd16df69fbb429709ec2ede1080
servicemesh-prometheus-2.23.0-7.el8.src.rpm SHA-256: 494340a7de0f1cd72b5f06f1a922ad32330dc9e92c08d7deb7773301ad29613e
servicemesh-proxy-2.1.3-1.el8.src.rpm SHA-256: 128de98ad0ef7b62bf41325f498d9197ef4273fc348dd4d856c32b1efcfb258d
servicemesh-ratelimit-2.1.3-1.el8.src.rpm SHA-256: c1c42c6da327083cf71222a9569da37c2525fcb8d65d34c6779f3face14de6d9
s390x
servicemesh-2.1.3-1.el8.s390x.rpm SHA-256: 3919be1a0a7e1bac4f01c0e87e8e271ebc18af43ff5586f487f03e4eca4a68c0
servicemesh-cni-2.1.3-1.el8.s390x.rpm SHA-256: 21bc0b6a81ca9c250514f3f999759b2f8ade27faa32ef8b551e87263b924acc6
servicemesh-operator-2.1.3-2.el8.s390x.rpm SHA-256: 0d3114bccc29cfcfef3640115cec941827e623aa52d690aa1a4418fde263ff34
servicemesh-pilot-agent-2.1.3-1.el8.s390x.rpm SHA-256: a899754a310fbccdbf289da95b5b7ab4f2fc5c64c7e546cb2c65641e0f98aa08
servicemesh-pilot-discovery-2.1.3-1.el8.s390x.rpm SHA-256: 5055f2fdb630ec200dbdb7f0806eb53b8a6f1b5bdd911072bd10ed09a2f2fc41
servicemesh-prometheus-2.23.0-7.el8.s390x.rpm SHA-256: 67e866d6d9eacdd453fac369b720f538ab86c0525f30841d1dc93d0e23b896ab
servicemesh-proxy-2.1.3-1.el8.s390x.rpm SHA-256: 669ca8797a9f35cca7e84b5d48d1894b5c6f38514aaf26c2ff1f5f11bfcaf585
servicemesh-proxy-debuginfo-2.1.3-1.el8.s390x.rpm SHA-256: 78cc800a1ed95ad52238075a8cce285d4b7e6e4358de8f27c054355adb8603aa
servicemesh-proxy-debugsource-2.1.3-1.el8.s390x.rpm SHA-256: 298d8eeb8dabfe6be61f436263f77aa1eb97fc86b293dd4dd8334c1b3a84d0d9
servicemesh-proxy-wasm-2.1.3-1.el8.noarch.rpm SHA-256: d2b44332df9e54ffd575f0adb27363d40347a811e1d6ea50377f858828204419
servicemesh-ratelimit-2.1.3-1.el8.s390x.rpm SHA-256: ecde2e21b7a41803830e17650dd679eaf27f9722eede58635750256e3272d352

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
