{"id":27354,"date":"2022-07-22T01:28:11","date_gmt":"2022-07-21T21:28:11","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167778\/RHSA-2022-5673-01.txt"},"modified":"2022-07-22T11:36:27","modified_gmt":"2022-07-22T07:06:27","slug":"red-hat-security-advisory-2022-5673-01","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/red-hat-security-advisory-2022-5673-01\/","title":{"rendered":"Red Hat Security Advisory 2022-5673-01"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n

=====================================================================
\nRed Hat Security Advisory<\/p>\n

Synopsis: Important: Release of containers for OSP 16.2.z director operator tech preview
\nAdvisory ID: RHSA-2022:5673-01
\nProduct: Red Hat OpenStack Platform
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:5673
\nIssue date: 2022-07-20
\nCVE Names: CVE-2021-3634 CVE-2021-3737 CVE-2021-4189
\nCVE-2021-40528 CVE-2021-41103 CVE-2021-43565
\nCVE-2022-1271 CVE-2022-1621 CVE-2022-1629
\nCVE-2022-22576 CVE-2022-25313 CVE-2022-25314
\nCVE-2022-26945 CVE-2022-27774 CVE-2022-27776
\nCVE-2022-27782 CVE-2022-29824 CVE-2022-30321
\nCVE-2022-30322 CVE-2022-30323
\n=====================================================================<\/p>\n

1. Summary:<\/p>\n

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with
\nseveral Important security fixes, are available for technology preview.<\/p>\n

2. Description:<\/p>\n

Release osp-director-operator images<\/p>\n

Security Fix(es):<\/p>\n

* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
\n* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
\n* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
\n* go-getter: command injection vulnerability [Important] (CVE-2022-26945)
\n* golang.org\/x\/crypto: empty plaintext packet causes panic [Moderate]\n(CVE-2021-43565)
\n* containerd: insufficiently restricted permissions on container root and
\nplugin directories [Moderate] (CVE-2021-41103)<\/p>\n

3. Solution:<\/p>\n

OSP 16.2 Release – OSP Director Operator Containers tech preview<\/p>\n

4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n

2011007 – CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories
\n2030787 – CVE-2021-43565 golang.org\/x\/crypto: empty plaintext packet causes panic
\n2092918 – CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
\n2092923 – CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
\n2092925 – CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
\n2092928 – CVE-2022-26945 go-getter: command injection vulnerability<\/p>\n

5. References:<\/p>\n

https:\/\/access.redhat.com\/security\/cve\/CVE-2021-3634
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-3737
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-4189
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-40528
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-41103
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-43565
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1271
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1621
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1629
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-22576
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-25313
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-25314
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-26945
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27774
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27776
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-27782
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-29824
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30321
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30322
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-30323
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#important
\nhttps:\/\/access.redhat.com\/errata\/RHSA-2022:4991
\nhttps:\/\/access.redhat.com\/containers<\/p>\n

6. Contact:<\/p>\n

The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n

Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n

iQIVAwUBYtg1odzjgjWX9erEAQgLKhAAmNPdMhNGBxVdTDymf3EpM8xQcr25XWOR
\nwfdum3Q4\/Ji9\/IQJ1NCv\/5IsphsHgDaKlo9pY9BPzgeT4z90ga+5ldcXgqC9dk74
\nKVBUURmWxfbkg57E5dWHkMb9fxyRIpo0NiFlwLx5ynjIjO\/WwWwFzz4YIiktDy1H
\nAgGz1oZnX+hdZ+BpH2Ltx70cCyqvHgA+aOFXGHZNl8qQXQEjtCBN957XEo4c1hgp
\n6HBmK3GkcaL2Ml32\/EM+2j4BLyz4hUK9Xfe171le0RcjkIND9BNzx2055dXov9uY
\neN52pn7pL8BvWU37b39wZx4EEyluYfnnlLaM9I+Y0t0NFhtA2H5Xk\/hei1W3tzkP
\nFdSR6gYIB1wwkBKu\/qus4RqrtDEhYHOYXqIziEE+G0nF0ht1As7kLq7U05n7spOu
\n9mKht4iXLj17lzPHAXM5N9HF0\/v3WuVNQf1DXOzb29BUF14fGFzXCWp\/nIG+PpEt
\nefmBklT4DAgLaibGwKyLZ7YOcfl\/mQoQDCs3uPqpqeXf799cTtJFmC520ox\/eaFx
\nOFQ1ZNpDI\/FKi1919hl2Ox5V7OxOZRIs\/MPsLJ+HBtr9CmGMV2\/rezeTEu+cD7Ts
\nSFDt82MQeqSJuxjpa04odqcU6NZbccoF3c7sxn49Vvk6AAn6umXgJCR\/Pnp9QPZT
\n\/jnfjsj7xYM=
\n=+5tE
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Release of containers for OSP 16.2.z director operator tech preview Advisory ID: RHSA-2022:5673-01 Product: Red Hat OpenStack Platform Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:5673 Issue date: 2022-07-20 CVE Names: CVE-2021-3634 CVE-2021-3737 CVE-2021-4189 CVE-2021-40528 CVE-2021-41103 CVE-2021-43565 CVE-2022-1271 CVE-2022-1621 CVE-2022-1629 CVE-2022-22576 CVE-2022-25313 CVE-2022-25314 CVE-2022-26945 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-27354","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/27354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=27354"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/27354\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=27354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=27354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=27354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}