exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-7407-01

Red Hat Security Advisory 2022-7407-01
Posted Nov 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7407-01 - Service Binding Operator 1.3.1 is now available for OpenShift Developer Tools and Services for OCP 4.9 +.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-35525, CVE-2020-35527, CVE-2022-2509, CVE-2022-32149, CVE-2022-3515, CVE-2022-37434
SHA-256 | 012e227d425066acf1cddd9d946b3a26f80b7130b2626aa0f33187b388d2dd22

Red Hat Security Advisory 2022-7407-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Service Binding Operator 1.3.1 security update
Advisory ID: RHSA-2022:7407-01
Product: OpenShift Developer Tools and Services
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7407
Issue date: 2022-11-03
CVE Names: CVE-2020-35525 CVE-2020-35527 CVE-2022-2509
CVE-2022-3515 CVE-2022-32149 CVE-2022-37434
====================================================================
1. Summary:

An update for service-binding-operator-bundle-container and
service-binding-operator-container is now available for OpenShift Developer
Tools and Services for OCP 4.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Service Binding Operator 1.3.1 is now available for OpenShift Developer
Tools and Services for OCP 4.9 +

Security Fix(es):

* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time
to parse complex tags (CVE-2022-32149)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, see:
https://access.redhat.com/articles/11258.

Follow the instructions linked in the References section to create service
binding connections between applications and services using the Developer
perspective in the OpenShift Container Platform web console.

4. Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

APPSVC-1220 - Fix CVE-2022-32149

6. References:

https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/latest/applications/connecting_applications_to_services/odc-connecting-an-application-to-a-service-using-the-developer-perspective.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY2QOrdzjgjWX9erEAQjn+A//X6hSXPC7IwDSYPPbFS3+dzfmnysoy/zd
F+yf+uHWgtf4iIJgcqrwqo0Trc9tPqauN6JuBYvROdiK4qJPJm7ni8jme4EU34mx
EX4reTVrltLti8Dhv1G9CrtHZic9dxV9zZrxbMP16BaNlHkhlvi5q6JipZLTc+qU
KlLr79UN/cBfzfKYc53Nbfej+q4GbG97imnOysKozP+v5YN7f9SLycFoxIo1tv53
kQGNdWpFBE7AAhd28fn0iXK8D1Y9FW//xahuJAH+NA/oIjbFRRmwGMxaeANo88Cy
jqUoCXCykAmOsKiFHXiD4fu/TsmAkHUuguwzrZvtlapjpKDCKKPiOD4G/uBMyhtb
dXH+2kMOMNRA38LMFHKCsltPHqPzKiMS5UnYk6w7yXDl7IW/45rt0HrK70/Yt9jr
22XrvLnYSMHStEzhPcxHuUAt1m2bVk67XMYfH5luQRdKbdG+nMWx9ekA8Fhyebax
nRpNDPdbETleXS4NMXACtVkaT/ps7JnrrhbsXB4bW4tAj8l5ryUeNu0aA+6uZo3K
Om2MES7KriMsCvU93v8/AmIxtMERAVHxPlo230bB4y4MQiA0l3IxGViRZdDM5N2p
7acUjOyNm6PvsZQ33gDgH4pwddBIaAOu/nDJUAzHPqFrPTmrHmMe/OGPo9sb6QEq
oTqLGhQ76lU=CnnY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close