—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update
\nAdvisory ID: RHSA-2022:0687-01
\nProduct: OpenShift API for Data Protection
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0687
\nIssue date: 2022-02-28
\nCVE Names: CVE-2021-3521 CVE-2021-4122 CVE-2021-29482
\nCVE-2021-41190
\n====================================================================
\n1. Summary:<\/p>\n
OpenShift API for Data Protection (OADP) 1.0.1 is now available.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Description:<\/p>\n
OpenShift API for Data Protection (OADP) enables you to back up and restore
\napplication resources, persistent volume data, and internal container
\nimages to external backup storage. OADP enables both file system-based and
\nsnapshot-based backups for persistent volumes.<\/p>\n
Security Fix(es):<\/p>\n
* ulikunitz\/xz: Infinite loop in readUvarint allows for denial of service
\n(CVE-2021-29482)<\/p>\n
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, and other related information, refer to the CVE page(s) listed in
\nthe References section.<\/p>\n
3. Solution:<\/p>\n
For details on how to apply this update, refer to:<\/p>\n
https:\/\/access.redhat.com\/articles\/11258<\/p>\n
4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
1954368 – CVE-2021-29482 ulikunitz\/xz: Infinite loop in readUvarint allows for denial of service
\n2024938 – CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion<\/p>\n
5. JIRA issues fixed (https:\/\/issues.jboss.org\/):<\/p>\n
OADP-198 – MTC upgrade path will be affected by changed labelselectors on operands
\nOADP-223 – Velero is reconciling on BSLs in other namespaces
\nOADP-272 – Migration of internal images fails due to `common` plugin not labeling deployments<\/p>\n
6. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2021-3521
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4122
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-29482
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-41190
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate<\/p>\n
7. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBYh2dctzjgjWX9erEAQjtow\/\/b6H6CxJ6cUg\/2iTpwGzaOypH1+alfmXV
\nfUEaGJa+GIiLxMddbjTpjVbeZ3zAIlydyTHy2BqKfgz\/iAacyN6PnuQ2JY5xLoQ9
\nlYKYmxFzbPNcrlmw9PmkQAGz3SIlokgg7sJXDrtp+cluauvWY+Uajr5MWAbVcieF
\nuqwYcC433P5UPuvaqkSurDQ6HKb4h+PYYDcr3X9NYgFpeu4MPy7yhYMXEYgw\/Exh
\nXi5LkowIKoqTtlAC0TZLk+zgPrbGwO3Xcp059GPTQzD+esEzIroYvoBtECEX6W71
\nlfvtIrmQ3cLuJcUlM6e1LsmDWQ9MW0jgsKuZv0kl4w83USsbn6kYA2RTMnKIUtwG
\n++L8PKy6+3bTEDhfn1Rxo7+7CuupKV4zqMWjyO+NLsCZbrXh4OwXdr1\/SzRsDuFe
\n4GxgVBvlhUOzwPuDedN9Yh69Iy6w7\/ny9QkSFPwWtbjdjrXmjFOadmbhFWFHsmYy
\nHWMsTYU8fHQ2jA4VbwhNJ7KOdAEu9gZIxUDf+ID+5kCX+N2hOyJc8Mbki4dSZZk3
\n4X\/6AxmYh0eQXaMXY9aJOlWa6pqP1196I1+Ng+ovofkq9DPZy6olS3Fcb70+jcRS
\nmGRGBCBXBKoBoJUd7c1tkfsBDoKECVPMnr\/74tyq9uPpNqXXnuvEmtidcjePtMj2
\nj0PM4dQ0HxE=eI5d
\n—–END PGP SIGNATURE—–<\/p>\n
—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update Advisory ID: RHSA-2022:0687-01 Product: OpenShift API for Data Protection Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0687 Issue date: 2022-02-28 CVE Names: CVE-2021-3521 CVE-2021-4122 CVE-2021-29482 CVE-2021-41190 ==================================================================== 1. Summary: OpenShift API for Data Protection (OADP) …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21146","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21146"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21146\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}