Red Hat Product Errata RHSA-2023:7216 - Security Advisory
Issued:
2023-11-15
Updated:
2023-11-15

RHSA-2023:7216 - Security Advisory

Synopsis

Moderate: Red Hat OpenShift Service Mesh Containers for 2.4.5

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Service Mesh 2.4.5 Containers

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fix(es):

  • openshift-istio-cni-rhel8-container: golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 2 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2 for RHEL 8 s390x
  • Red Hat OpenShift Service Mesh for ARM 64 2 aarch64

Fixes

  • BZ - 2228689 - CVE-2023-3978 golang.org/x/net/html: Cross site scripting
  • OSSM-3647 - WasmPlugin applies also to outbound traffic

aarch64

openshift-service-mesh/grafana-rhel8@sha256:87e7107dcd68a19655144b418be8cb7e0416069862910014bfad67775550d37f
openshift-service-mesh/istio-cni-rhel8@sha256:6f31b6699af13e5fee48327477dbda0a0c27cb5f0b93ea23d613d9c3c8c7780f
openshift-service-mesh/istio-must-gather-rhel8@sha256:1d2e101a4bc10b2a446184c26b4b9ec7ffdf2611ad8b31e4a69f1e9b2458d9eb
openshift-service-mesh/istio-rhel8-operator@sha256:33f134c5f4a9385a8b4939cad33d7040bb6052783f1cb80ec96b5a6662640614
openshift-service-mesh/kiali-rhel8@sha256:d387f8e52c7a44355d814bf6c82a668e830ec0acf75fa8ecded81c04b984052d
openshift-service-mesh/kiali-rhel8-operator@sha256:d8046a7110f4218d2eedec0b0d9b9fc1b5dfe3b9b160c0270afeb237e834401c
openshift-service-mesh/pilot-rhel8@sha256:d7e34f313fabdc60471a51a0d4a048b78206f43cbc08801606ac9a943129d1ca
openshift-service-mesh/prometheus-rhel8@sha256:fd5dc2c7afa364c42fd5b8491906ce63b3b6f890a823657b0de4d70e91b036b0
openshift-service-mesh/proxyv2-rhel8@sha256:26a744c567736cd65c07c0fbe65575ed6fba6d65ca47a66b38462b6c6f0d28bb
openshift-service-mesh/ratelimit-rhel8@sha256:c03fcacd3a9bbf8adacc0982c1c8e9a0a70b63f0fa033a0cc4047636a097c75c

ppc64le

openshift-service-mesh/grafana-rhel8@sha256:a640e5044c2fc2e26b6a5f579f0306248465d684be361a1ace51cf5d21671842
openshift-service-mesh/istio-cni-rhel8@sha256:49b535ec71aef9df915dacae723ce856444476027408e00100e54fa91c20af51
openshift-service-mesh/istio-must-gather-rhel8@sha256:02b8b400f37a262e4ee0f90285ebf4a105ef3687844a682b96b856ddbc55fd98
openshift-service-mesh/istio-rhel8-operator@sha256:d35850c8b597f1b20f813cb48c35b7ad7de4f1df143d95d1f507fbc59514e4ed
openshift-service-mesh/kiali-rhel8@sha256:7390095944521e2289f9ba93bea591d049c381d962fe79ff508eed1a745a581a
openshift-service-mesh/kiali-rhel8-operator@sha256:10d7c96cf9bd4a3b148bcb6c8d4551358763d33bd6ed916a330ca74701ce863b
openshift-service-mesh/pilot-rhel8@sha256:546e6ae9f42e53b84aed2155451ef8d153e3159dc9f31165c929f2a474e1740f
openshift-service-mesh/prometheus-rhel8@sha256:6dae51d8d9132ef78cf745c6d7abc18e2e997d944ff549d7236b78d87b8abcd9
openshift-service-mesh/proxyv2-rhel8@sha256:3f527790de59de6b9fe54ef0eb98488d6d04ff9786b63c55b6f4ba86e3e1bbcf
openshift-service-mesh/ratelimit-rhel8@sha256:f8440df2d4ccd70cc63c7012aeb1e000053e0614240e23fceb6fa3a668cd7d2d

s390x

openshift-service-mesh/grafana-rhel8@sha256:644878a22cf239131f9e668f9af86151431bb7ad92d5a8b3518e33381ced4018
openshift-service-mesh/istio-cni-rhel8@sha256:02bc221662a1027a4dedc730ee404ef4cb020326acb7138bc30cc76cdcb1773d
openshift-service-mesh/istio-must-gather-rhel8@sha256:258d4d05f8ac985bc717cf44afab2c1ef7d3374ceddea03b37ada8ffbf8e2a87
openshift-service-mesh/istio-rhel8-operator@sha256:7aa29ba099aa9d0de9427abe8b740029eb261a00a329a840a22c330079eb8d0b
openshift-service-mesh/kiali-rhel8@sha256:b96faaeabae9c8d5a042d3f79eb96611636522e18f193048ad1b59df85e61e92
openshift-service-mesh/kiali-rhel8-operator@sha256:b1f0d38517e6640af2329eb3c2e28dd907b7d223d147e4d9c23545f4a59259d7
openshift-service-mesh/pilot-rhel8@sha256:159d5eb904d3848ec8c77b46fee0a7b99288a03acdb4f684952ff96b25cb3321
openshift-service-mesh/prometheus-rhel8@sha256:8223000da50627f07ad33ba1dc19e8129258804a33794e1f07455ef6a2ab8808
openshift-service-mesh/proxyv2-rhel8@sha256:02e2895671200a0c6cad72a753960bdda8fdd34c767dd3267625b40a63940a15
openshift-service-mesh/ratelimit-rhel8@sha256:141ba72459b36dc9052c660a2fe9aefa8dd2cbfd76af7d6fe9ad3e09ee43816d

x86_64

openshift-service-mesh/grafana-rhel8@sha256:f81cd557534e85f4a61b83c9e7623de5c197477d17b5fe701ae4f57b6ea38c3b
openshift-service-mesh/istio-cni-rhel8@sha256:ed9b8e150e430763f16c88392a8bd23096cd50b7b8b93ce42ab818dee3a30da4
openshift-service-mesh/istio-must-gather-rhel8@sha256:70fbb8577a31c612aa40c5a83ea8655cb713b4abff64b10d4e44cd1cbf83c899
openshift-service-mesh/istio-rhel8-operator@sha256:c20a411840c14baa5be2154e0d094b2cccc484826c03d1c60f21b3081262efed
openshift-service-mesh/kiali-rhel8@sha256:629207668baefc81e74c1387db57fcb32c7fc049459999da286849786e4b7a22
openshift-service-mesh/kiali-rhel8-operator@sha256:66efecc6802115ba5bf4963a97b2f192a429aa34bff0f46a0e798eba4a52aac5
openshift-service-mesh/pilot-rhel8@sha256:f71a9ce1d58551643217400a76280600c77c49d7777faebdb4b38892bb832757
openshift-service-mesh/prometheus-rhel8@sha256:10f78c1c6308a98cbad40a5f4b7bf8db13273a1d15cdbfcddfc77d091ce54983
openshift-service-mesh/proxyv2-rhel8@sha256:380547be6794ee05f864be58e713507aae44dea8b1e3bf6ca06f5119d301449e
openshift-service-mesh/ratelimit-rhel8@sha256:45ad9e7feef9dc90526874512268a3f9f651eed09375bb30d683f6d1ae4b9620

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.