Red Hat Product Errata RHSA-2025:1051 - Security Advisory
Issued:
2025-02-05
Updated:
2025-02-05

RHSA-2025:1051 - Security Advisory

Synopsis

Important: Red Hat OpenShift Service Mesh Containers for 2.5.8

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Service Mesh Containers for 2.5.8

This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fix(es):

  • kiali-ossmc-container: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x (CVE-2024-52798)
  • openshift-istio-kiali-rhel8-container: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x (CVE-2024-52798)
  • kiali-ossmc-container: nanoid mishandles non-integer values (CVE-2024-55565)
  • openshift-istio-kiali-rhel8-container: nanoid mishandles non-integer values (CVE-2024-55565)
  • openshift-istio-kiali-rhel8-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
  • openshift-istio-proxyv2-rhel8-container: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Service Mesh 2 for RHEL 8 x86_64
  • Red Hat OpenShift Service Mesh for Power 2 for RHEL 8 ppc64le
  • Red Hat OpenShift Service Mesh for IBM Z 2 for RHEL 8 s390x
  • Red Hat OpenShift Service Mesh for ARM 64 2 aarch64

Fixes

  • BZ - 2330689 - CVE-2024-52798 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
  • BZ - 2331063 - CVE-2024-55565 nanoid: nanoid mishandles non-integer values
  • BZ - 2333122 - CVE-2024-45338 golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

aarch64

openshift-service-mesh/grafana-rhel8@sha256:fb2797a5c3803f88f0a9c5890eaca9f9da1cfdcf19ef32f7914abeb9479170cf
openshift-service-mesh/istio-cni-rhel8@sha256:ff6812ce8f74dcd50ddefcf7c5b7fb767d49fb1358f4d26f7bfcfe84e43182c4
openshift-service-mesh/kiali-ossmc-rhel8@sha256:96498f9c161062eb23dd5276104ffc04fc48e39c2641b3b1fec65e3829874e56
openshift-service-mesh/kiali-rhel8@sha256:18ec8baef7eda33cd1220f21b3370fb7048cd9643847b80f3329568a9ba2da98
openshift-service-mesh/pilot-rhel8@sha256:eb14febb28a84a028b35f871c14ce741558f9cde3b3d789a4fa148cf4017c980
openshift-service-mesh/proxyv2-rhel8@sha256:a6ad7a54d1d175434d8cba233e9bde3fd7ae7f039a4c2e3bd2aa42fe4f161181
openshift-service-mesh/ratelimit-rhel8@sha256:8676b8cf4cb2166e7602fcf5342dfbfeee7f0dbc7e7aea296da1fba729d524bf

ppc64le

openshift-service-mesh/grafana-rhel8@sha256:cdd38d31093ecbdb39df9e4cb3dca75a9823de16ae0b3e52d0a341893f429cd4
openshift-service-mesh/istio-cni-rhel8@sha256:e21d32a441726cc62a6a3ef3847f3ed8cddf07c61ac9c3b219922748a0b142be
openshift-service-mesh/kiali-ossmc-rhel8@sha256:fae6c33602d356534bd3ce0f439a273ee6dab8806d04167f1f6ffdb46c9cd3ba
openshift-service-mesh/kiali-rhel8@sha256:d72c64dcabf9796a57bd9fcaecf4dbfdbe61e6e0ac6bc1c31f541f6b324224ef
openshift-service-mesh/pilot-rhel8@sha256:17c0bbe9d31cfb10e14d6aca9a6a0ad49e9be59038f3c4e04b985b6c8ea5cfd7
openshift-service-mesh/proxyv2-rhel8@sha256:61742a85adce623c50e998c51e93d32cd0f86ece1328978e9d5702751dc0346f
openshift-service-mesh/ratelimit-rhel8@sha256:413b274166a58abcf3b89dff39f45a2de213970dcf96c7a7ad25b7797d579fa7

s390x

openshift-service-mesh/grafana-rhel8@sha256:b482521bfdbc1e9dc205ab789cd24f7e4b64a4ba2f51cd5eedc2cee890fca395
openshift-service-mesh/istio-cni-rhel8@sha256:7466d9f61039a268ccc8cd98e0c81edd12f91f467ee045633a96916b9043bd0b
openshift-service-mesh/kiali-ossmc-rhel8@sha256:a1177d3329367ceee87bf080e780f9d4644dc1b17b88e7ea9972ad38ce444db4
openshift-service-mesh/kiali-rhel8@sha256:063cc757f97fcf7c53d29b1c14dc647a8924ac62c390f8a7dde52b34f3539182
openshift-service-mesh/pilot-rhel8@sha256:14d6fd1a92119c65922c3785987545ca3f14e935c1b90a63ec1a584fb6ad3552
openshift-service-mesh/proxyv2-rhel8@sha256:73156a9f853e36efe1e84efa9c2094d96870d8a49fbf35709bd9b30b90e93cee
openshift-service-mesh/ratelimit-rhel8@sha256:f8693632849a66d2c974c937edb7b45f0c9fd0d79c84ca01805ab0e8b658280e

x86_64

openshift-service-mesh/grafana-rhel8@sha256:392a0b0f15101fde9463e07e4676426d07a52637960090a75f4d521f81109f97
openshift-service-mesh/istio-cni-rhel8@sha256:ddce1cbbc6a4bf75835fe7b54ddb9f61bdd4d934e59fb89b3d2c32f331e6b4ab
openshift-service-mesh/kiali-ossmc-rhel8@sha256:945cddb3b3ff19417ebcd098e60f77774290668fdd7654cce96ec158198b5a30
openshift-service-mesh/kiali-rhel8@sha256:eed6ea951d6d885f72aa4363d045f7025ee05fd8186d702cee4ceb42b8a32f82
openshift-service-mesh/pilot-rhel8@sha256:40d05d8bd9d7e6e9482e9762b3f715b36d04c0114fd927c8e9e155ec30c93559
openshift-service-mesh/proxyv2-rhel8@sha256:8df315db1b814702e59de268436f128241ce7033cdff6f1752d3c887b8da6095
openshift-service-mesh/ratelimit-rhel8@sha256:603aeb7989086db84d0520f78aa804ad3f19bc6936e5d8e2912083b27e74c99e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.