(RHSA-2021:1322) Important: Red Hat OpenShift Service Mesh 1.1.13 security update

2021-04-2208:29:04

access.redhat.com

red hat openshift

istio service mesh

security update

cve-2021-28682

cve-2021-28683

cve-2021-29258

cve-2019-25014

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

73.0%

JSON

Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

Security Fix(es):

envoyproxy/envoy: integer overflow handling large grpc-timeouts (CVE-2021-28682)
envoyproxy/envoy: NULL pointer dereference in TLS alert code handling (CVE-2021-28683)
envoyproxy/envoy: crash with empty HTTP/2 metadata map (CVE-2021-29258)
istio-pilot: requests to debug api can result in panic (CVE-2019-25014)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64servicemesh-galley< 1.1.13-3.el8servicemesh-galley-1.1.13-3.el8.x86_64.rpm
RedHat8x86_64servicemesh-sidecar-injector< 1.1.13-3.el8servicemesh-sidecar-injector-1.1.13-3.el8.x86_64.rpm
RedHat8ppc64leservicemesh-citadel< 1.1.13-3.el8servicemesh-citadel-1.1.13-3.el8.ppc64le.rpm
RedHat8x86_64servicemesh-citadel< 1.1.13-3.el8servicemesh-citadel-1.1.13-3.el8.x86_64.rpm
RedHat8s390xservicemesh-pilot-discovery< 1.1.13-3.el8servicemesh-pilot-discovery-1.1.13-3.el8.s390x.rpm
RedHat8s390xservicemesh< 1.1.13-3.el8servicemesh-1.1.13-3.el8.s390x.rpm
RedHat8x86_64servicemesh-pilot-agent< 1.1.13-3.el8servicemesh-pilot-agent-1.1.13-3.el8.x86_64.rpm
RedHat8ppc64leservicemesh-mixc< 1.1.13-3.el8servicemesh-mixc-1.1.13-3.el8.ppc64le.rpm
RedHat8s390xservicemesh-citadel< 1.1.13-3.el8servicemesh-citadel-1.1.13-3.el8.s390x.rpm
RedHat8s390xservicemesh-mixc< 1.1.13-3.el8servicemesh-mixc-1.1.13-3.el8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	servicemesh-galley	< 1.1.13-3.el8	servicemesh-galley-1.1.13-3.el8.x86_64.rpm
RedHat	8	x86_64	servicemesh-sidecar-injector	< 1.1.13-3.el8	servicemesh-sidecar-injector-1.1.13-3.el8.x86_64.rpm
RedHat	8	ppc64le	servicemesh-citadel	< 1.1.13-3.el8	servicemesh-citadel-1.1.13-3.el8.ppc64le.rpm
RedHat	8	x86_64	servicemesh-citadel	< 1.1.13-3.el8	servicemesh-citadel-1.1.13-3.el8.x86_64.rpm
RedHat	8	s390x	servicemesh-pilot-discovery	< 1.1.13-3.el8	servicemesh-pilot-discovery-1.1.13-3.el8.s390x.rpm
RedHat	8	s390x	servicemesh	< 1.1.13-3.el8	servicemesh-1.1.13-3.el8.s390x.rpm
RedHat	8	x86_64	servicemesh-pilot-agent	< 1.1.13-3.el8	servicemesh-pilot-agent-1.1.13-3.el8.x86_64.rpm
RedHat	8	ppc64le	servicemesh-mixc	< 1.1.13-3.el8	servicemesh-mixc-1.1.13-3.el8.ppc64le.rpm
RedHat	8	s390x	servicemesh-citadel	< 1.1.13-3.el8	servicemesh-citadel-1.1.13-3.el8.s390x.rpm
RedHat	8	s390x	servicemesh-mixc	< 1.1.13-3.el8	servicemesh-mixc-1.1.13-3.el8.s390x.rpm