- Issued: 2025-12-09
- Updated: 2025-12-09
RHSA-2025:22944 - Security Advisory
Synopsis
Red Hat OpenShift Service Mesh 3.1.4
Type/Severity
Security Advisory: Low
Topic
Red Hat OpenShift Service Mesh 3.1.4
Description
Red Hat OpenShift Service Mesh 3.1.4, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Fixes/Improvements:
- Updated to Istio version 1.26.6
Security Fix(es):
- istio-proxyv2-rhel9: AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections (CVE-2025-53643)
Solution
See Red Hat OpenShift Service Mesh 3.1.4 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.