- 发布:
- 2026-05-12
- 已更新:
- 2026-05-12
RHSA-2026:16537 - Security Advisory
概述
Red Hat OpenShift Service Mesh 3.3.3
类型/严重性
Security Advisory: Important
标题
Red Hat OpenShift Service Mesh 3.3.3
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
Red Hat OpenShift Service Mesh 3.3.3, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.
Security Fix(es):
- istio-proxyv2-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)
- istio-pilot-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)
- istio-cni-rhel9: Possible memory corruption after bound check elimination (CVE-2026-27143)
- istio-rhel9-operator: no-op interface conversion bypasses overlap checking (CVE-2026-27144)
- istio-proxyv2-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)
- istio-pilot-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)
- istio-cni-rhel9: no-op interface conversion bypasses overlap checking (CVE-2026-27144)
- istio-rhel9-operator: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)
- istio-pilot-rhel9: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)
- istio-cni-rhel9: Denial of service in certificate chain building when using Go applications (CVE-2026-32280)
Fixes/Improvements:
- OSSM 3 Operator icon missing from OperatorHub catalog in OCP console (OSSM-13028)
- Applying proxy configuration takes a long time on the FIPS cluster (OSSM-12929)
- Revert changes done for OSSM-12845 (OSSM-13222)
- Revert changes done for OSSM-12930 (OSSM-13223)
解决方案
See Red Hat OpenShift Service Mesh 3.3.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3
修复
- OSSM-12929 - Applying proxy configuration takes a long time on the FIPS cluster
- OSSM-13028 - OSSM 3 Operator icon missing from OperatorHub catalog in OCP console
amd64
| registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:23257a094ce3fd6ec95bae0d8185ad7e17a5bf838bfc81a50375207e9a309c2d |
| registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:f977fd5abad71842f5e0e8b805ad4a1003b8dd466a39c314b2a5b9b125e567e1 |
| registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:204d15ed8b8bd170daba79fbd99861c61776df5069d2288c64781993daaca2f0 |
| registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9a33d18d2482eeb76a7ebd10404e54d5556cdf98d0f4fdbf54facda4ce3a8fbf |
| registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:df991997aaf4a8ca43f4938becd43520acd11de06ab101083c0a33486886f3aa |
| registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:1b0467f4bdad9faed783036e6229b56a50111973063bcf4aaf3a602c8eeabe62 |
| registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3ca7c5243b014d9924fd98aa03756e52839c4ba80843b1a08563509bf98d06d8 |
arm64
| registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:2385f2106783290403877b812edea67f861f3ebcc3b6990b070b62e94fc6dbdf |
| registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2ca3bffba0b8f40fafcdeef1ce73da401175b3ce3893ac176f7f0ce7e9c95ac1 |
| registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:40f40b8b068f72525ffd293d13d24acd5172c000691cbedd7e398202872bef1c |
| registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:09219031e9c23053aea4a582d12f8feba24acceac0d4525e3a407239492a8810 |
| registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ae3beff03ea771b020631e5bc7e778c84e8a0cdeffb10af5d3f8f6409b85206d |
| registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f00ee1b029961c307f294d3265699cacb16a9e055e65acabcd996b8ab479ee49 |
ppc64le
| registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b381c0445928f2bdbdc4ca276b78c16ae1a6e19fca4d66a4d972c323c70570bb |
| registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:42422f5a7654c8897d554844ee2923c58ac3ebf3b23d9c11a582537e67541c99 |
| registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:eaaccb1bf78df88abc6f2b16d440b24773240701aa6fef039e776e82481bc159 |
| registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:4db6e30d909f0c9605e51f4057284264bcad79a959428ad219b142af21e267e2 |
| registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:50e5ed85ca682a6fefba0fa0138ef2aedf845fd2457c5beaf25a100f814b56c7 |
| registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:ef9ab6a6c108014df3a755c4b8b72eb9dce20a13e287ecb139100188b4d8678a |
s390x
| registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:555317d71a6322173962d8fc912421edd6d79cd39c55d8cc9a36d1b635f9e099 |
| registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e469542b539575c40b1dd916f0ff1d811c5219fc42cc986f2b67a4b58661b4a7 |
| registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:7015daf9e74ca4bfece7ddbc1766a18d401fd0f90cd4a9b93d6c397cabd9c35f |
| registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:861d0a488fbced512a91df6e75ae6fd14fbefdeab4b7096b7e43f6f10c35de5c |
| registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:36d45c48ce39777c0b6229949c14df18b4200b59a581ff642b30f16dfbdab09a |
| registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:5684e84fb340fed6333e2f41a2a4aaa4612aaf77bb2403bf17f117d5177ad389 |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
