Red Hat Product Errata RHSA-2022:6272 - Security Advisory
Issued: 2022-08-31
Updated: 2022-08-31

Synopsis

Moderate: Red Hat OpenShift Service Mesh 2.0.11 security update

Type/Severity

Security Advisory: Moderate

Topic

An update is now available for Red Hat OpenShift Service Mesh 2.0.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

The OpenShift Service Mesh release notes provide information on the features and known issues:

https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html

Affected Products

  • Red Hat OpenShift Service Mesh 2.0 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2.0 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2.0 for RHEL 8 s390x

Fixes

  • BZ - 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
  • BZ - 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
  • OSSM-1864 - RPM Release for Maistra 2.0.11

CVEs

  • CVE-2022-24785
  • CVE-2022-31129

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
