红帽产品勘误 RHSA-2026:3559 - Security Advisory
发布:
2026-03-02
已更新:
2026-03-02

RHSA-2026:3559 - Security Advisory

概述

Red Hat OpenShift Service Mesh 2.6.14

类型/严重性

Security Advisory: Important

标题

Red Hat OpenShift Service Mesh 2.6.14

This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Red Hat OpenShift Service Mesh 2.6.14, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.

Security Fix(es):

  • istio-operator-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • istio-cni-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • pilot-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • ratelimit-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
  • istio-operator-rhel8: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  • istio-cni-rhel8: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  • pilot-rhel8: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  • ratelimit-rhel8: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)
  • istio-operator-rhel8: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • istio-cni-rhel8: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • pilot-rhel8: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • ratelimit-rhel8: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
  • istio-operator-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • istio-cni-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • pilot-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • ratelimit-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • istio-operator-rhel8: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  • istio-cni-rhel8: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  • pilot-rhel8: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  • ratelimit-rhel8: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)

解决方案

See Red Hat OpenShift Service Mesh 2.6.14 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x

修复

(none)

amd64

registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:63ac3cee1a38f321dbdcb26e9b8bc4300bfe76bc38cb636004b91623c75aff86
registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:57bfa19df7cd8c94c9a1887195fa14583ec95607c65ab1a37ed36e515bf015d6
registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:00b06379319a10eab80e4287dfb4ca280bcdc225857eda09aab019912df266cc
registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:dcbb2fdf5a578754156453c39006056aa42b22ec3a91b47a196939f5371d2884
registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:3b963918db39c3a29370452c4d2412a5590ebc0b0ed05528c6c1749550f16883
registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:84cac542d17180bc2103b553b8aa695668e9593d8f3c120ac6cf84af3843be2e

arm64

registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:f0b58a20ccb618c10f3bb362d6864f32d745706e351a987542c53105a88378f4
registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:66c71452d031ef9b5b99b6ee124babfed74ed9ef8697a07e237e4d67a1dc197f
registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:3462c8c5f48bce1a0b67fb91b9ec2addf658351ad2d0b2a83b508c62de326b9a
registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:e84615cc4becd27ace58a15c20c791cdff22d3e4ce267c73606bdcb36ff99f79
registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5024ef5bf24b002920ef504f7dd81cc1f6a92bf9e99769ff9d6d7a2390ee69fb

ppc64le

registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:c4d28d0365c81b302827338e517aa7b97e4e234f3e2b611035316162c2eed77c
registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:0c6a12c583d7dd62540e4ecc34a805e8ae69bd3e0db36d665440abb87dd90b6f
registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f62c529feebed0564ff70d317058d08bfb48429d997c941f89c9abd4b41cb040
registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:5b86898fbbd6d700a925c55b3f25b0c965e34f41a6af6cbb197107ff19f8056d
registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:79176bc3c4edbe030c867a9e68cf86fdd98ba645a85faaa18e39b313530c3456

s390x

registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:ee2fe46057b423f7352037f0203357a3d7d2ccbcb87d51cdab200121d4315bb7
registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ed1bd8e74eb84fe2cb11227bf4483244d48b9e396ba209b2682bbf297ddacce3
registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:9920d110f9e91ac94bb68329ade74f6ff4cb12bc836cf26c3784a128e5740b23
registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:8c2943d00fde9270625caee1e36e6b49e0880352ecaa39a35bad7f2955801615
registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:1f004a30a398677b3f7293ffe4afbf0a172179ab18336b3176fe70f4c8a1f77b

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/