RHSA-2020:5605: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.<br>These updated images include numerous security fixes, bug fixes, and enhancements. <br>Security Fix(es):<br><li> nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)</li> <li> nodejs-json-bigint: Prototype pollution via proto assignment could result in DoS (CVE-2020-8237)</li> <li> golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)</li> <li> golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)</li> <li> golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:<br><a href="https://access.redhat.com/documentation/en-us/redhatopenshiftcontainerstorage/4.6/html/4.6releasenotes/index" target="blank">https://access.redhat.com/documentation/en-us/redhatopenshiftcontainerstorage/4.6/html/4.6releasenotes/index</a> All Red Hat OpenShift Container Storage users are advised to upgrade to<br>these updated images.