RHSA-2023:3645: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

This advisory covers the RPM packages for the release.

Security Fix(es):

- mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
- async: Prototype Pollution in async (CVE-2021-43138)
- express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
- terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2023:3645?
Red Hat rates RHSA-2023:3645 as Moderate, based on the vulnerabilities it addresses within Red Hat OpenShift Service Mesh.
How do I fix RHSA-2023:3645?
To fix RHSA-2023:3645, you should update the affected RPM packages as recommended in the advisory.
What vulnerabilities are addressed in RHSA-2023:3645?
RHSA-2023:3645 addresses four vulnerabilities in components shipped with Red Hat OpenShift Service Mesh: mongo-go-driver (CVE-2021-20329), async (CVE-2021-43138), express/qs (CVE-2022-24999), and terser (CVE-2022-25858).
Which versions of Red Hat OpenShift Service Mesh are affected by RHSA-2023:3645?
RHSA-2023:3645 affects the versions of Red Hat OpenShift Service Mesh that ship the vulnerable RPM packages; the 2.2.7 update delivered by this advisory contains the fixes.
Is it necessary to reboot after applying RHSA-2023:3645?
A reboot may be required after applying RHSA-2023:3645, depending on the specific packages updated and your environment configuration.