Red Hat Security Advisory 2022-5924-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring.
833b91155aa03699b892bf1d0dee5fa04c60f68d328462973266e1fb470c8d60
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Service Telemetry Framework 1.4 security update
Advisory ID: RHSA-2022:5924-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5924
Issue date: 2022-08-08
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-25032
CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710
CVE-2019-8720 CVE-2019-8743 CVE-2019-8764
CVE-2019-8766 CVE-2019-8769 CVE-2019-8771
CVE-2019-8782 CVE-2019-8783 CVE-2019-8808
CVE-2019-8811 CVE-2019-8812 CVE-2019-8813
CVE-2019-8814 CVE-2019-8815 CVE-2019-8816
CVE-2019-8819 CVE-2019-8820 CVE-2019-8823
CVE-2019-8835 CVE-2019-8844 CVE-2019-8846
CVE-2019-9169 CVE-2019-13050 CVE-2019-13627
CVE-2019-14889 CVE-2019-20454 CVE-2019-20807
CVE-2019-25013 CVE-2020-1730 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-8927 CVE-2020-9802 CVE-2020-9803
CVE-2020-9805 CVE-2020-9806 CVE-2020-9807
CVE-2020-9843 CVE-2020-9850 CVE-2020-9862
CVE-2020-9893 CVE-2020-9894 CVE-2020-9895
CVE-2020-9915 CVE-2020-9925 CVE-2020-9952
CVE-2020-10018 CVE-2020-11793 CVE-2020-13434
CVE-2020-14391 CVE-2020-15358 CVE-2020-15503
CVE-2020-27618 CVE-2020-29361 CVE-2020-29362
CVE-2020-29363 CVE-2021-3326 CVE-2021-3516
CVE-2021-3517 CVE-2021-3518 CVE-2021-3520
CVE-2021-3521 CVE-2021-3537 CVE-2021-3541
CVE-2021-20305 CVE-2021-22946 CVE-2021-22947
CVE-2021-27218 CVE-2021-30666 CVE-2021-30761
CVE-2021-30762 CVE-2021-33928 CVE-2021-33929
CVE-2021-33930 CVE-2021-33938 CVE-2021-36222
CVE-2021-37750 CVE-2022-0778 CVE-2022-1271
CVE-2022-23852 CVE-2022-24407 CVE-2022-30631
=====================================================================
1. Summary:
An update is now available for Service Telemetry Framework 1.4 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Service Telemetry Framework (STF) provides automated collection of
measurements and data from remote clients, such as Red Hat OpenStack
Platform or third-party nodes. STF then transmits the information to a
centralized, receiving Red Hat OpenShift Container Platform (OCP)
deployment for storage, retrieval, and monitoring.
Security Fix(es):
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
The Service Telemetry Framework container image provided by this update can
be downloaded from the Red Hat Container Registry at
registry.access.redhat.com. Installation instructions for your platform are
available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally.
4. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5. References:
https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2018-1000858
https://access.redhat.com/security/cve/CVE-2019-8625
https://access.redhat.com/security/cve/CVE-2019-8710
https://access.redhat.com/security/cve/CVE-2019-8720
https://access.redhat.com/security/cve/CVE-2019-8743
https://access.redhat.com/security/cve/CVE-2019-8764
https://access.redhat.com/security/cve/CVE-2019-8766
https://access.redhat.com/security/cve/CVE-2019-8769
https://access.redhat.com/security/cve/CVE-2019-8771
https://access.redhat.com/security/cve/CVE-2019-8782
https://access.redhat.com/security/cve/CVE-2019-8783
https://access.redhat.com/security/cve/CVE-2019-8808
https://access.redhat.com/security/cve/CVE-2019-8811
https://access.redhat.com/security/cve/CVE-2019-8812
https://access.redhat.com/security/cve/CVE-2019-8813
https://access.redhat.com/security/cve/CVE-2019-8814
https://access.redhat.com/security/cve/CVE-2019-8815
https://access.redhat.com/security/cve/CVE-2019-8816
https://access.redhat.com/security/cve/CVE-2019-8819
https://access.redhat.com/security/cve/CVE-2019-8820
https://access.redhat.com/security/cve/CVE-2019-8823
https://access.redhat.com/security/cve/CVE-2019-8835
https://access.redhat.com/security/cve/CVE-2019-8844
https://access.redhat.com/security/cve/CVE-2019-8846
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20807
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-3862
https://access.redhat.com/security/cve/CVE-2020-3864
https://access.redhat.com/security/cve/CVE-2020-3865
https://access.redhat.com/security/cve/CVE-2020-3867
https://access.redhat.com/security/cve/CVE-2020-3868
https://access.redhat.com/security/cve/CVE-2020-3885
https://access.redhat.com/security/cve/CVE-2020-3894
https://access.redhat.com/security/cve/CVE-2020-3895
https://access.redhat.com/security/cve/CVE-2020-3897
https://access.redhat.com/security/cve/CVE-2020-3899
https://access.redhat.com/security/cve/CVE-2020-3900
https://access.redhat.com/security/cve/CVE-2020-3901
https://access.redhat.com/security/cve/CVE-2020-3902
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-9802
https://access.redhat.com/security/cve/CVE-2020-9803
https://access.redhat.com/security/cve/CVE-2020-9805
https://access.redhat.com/security/cve/CVE-2020-9806
https://access.redhat.com/security/cve/CVE-2020-9807
https://access.redhat.com/security/cve/CVE-2020-9843
https://access.redhat.com/security/cve/CVE-2020-9850
https://access.redhat.com/security/cve/CVE-2020-9862
https://access.redhat.com/security/cve/CVE-2020-9893
https://access.redhat.com/security/cve/CVE-2020-9894
https://access.redhat.com/security/cve/CVE-2020-9895
https://access.redhat.com/security/cve/CVE-2020-9915
https://access.redhat.com/security/cve/CVE-2020-9925
https://access.redhat.com/security/cve/CVE-2020-9952
https://access.redhat.com/security/cve/CVE-2020-10018
https://access.redhat.com/security/cve/CVE-2020-11793
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-14391
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-15503
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-22946
https://access.redhat.com/security/cve/CVE-2021-22947
https://access.redhat.com/security/cve/CVE-2021-27218
https://access.redhat.com/security/cve/CVE-2021-30666
https://access.redhat.com/security/cve/CVE-2021-30761
https://access.redhat.com/security/cve/CVE-2021-30762
https://access.redhat.com/security/cve/CVE-2021-33928
https://access.redhat.com/security/cve/CVE-2021-33929
https://access.redhat.com/security/cve/CVE-2021-33930
https://access.redhat.com/security/cve/CVE-2021-33938
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/updates/classification/#important
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYvGk7dzjgjWX9erEAQgmphAAjgdXrX28XNcuAkZtGl3I1EQGCCj2RRbM
zM0+lDVnIsmulqhcCrsKnKWtr1U+J8WIIA2MNpCtAc7XsIOA2jCT8HIiSDiBXwqO
CbYHuXDCgURo4DCFNkg+59aKs2BLu8WcEBRz4qaXV6ErIWvETBRA9/8lMxYvSjzp
JZChpIklfkgfwMBexQPpcbRnFncFC4Y9tNTLFqJAvuBiRm+Tbr8M+aZOoFbIG7F0
GeVPk/SUtIXVqG8/usX0a1wZcc4FsV7vFEInvqNSDRPN90CD+eZqGT5DCFW0CZ0H
V/TrsxZz2pqc524YjhpyynJovtfHpdWdoPgEI23hwe5TjW/0dn0/ZC0zX3ejNfmE
P09PjveTSBRlfos8lR7R8LdnckvGgm/ksP77bU/eC5QXZjLdQH+VfimrwLQ6aijW
TmI4h6swmvqIQdAsE4K8Ti8dJ/7DzDIh1k5h0rDHVORog9OW7qNFzteJHMBRENzv
0QPuwNfMMqRUIB6HOmja/iPNulDze1L0Eh/aXboTiOzpUEO2OBqTvPf9MnAtsyhs
fVqye2qGdI5u3Wec0AAmLCScUBpTDi8vpJuPEp6gZcKCZKvyQeQWebjcW14ioPxD
TzWD6jDXLJu/8mZqC+VNpfA1Pj9CyF9KtkYJW1WWR1PWqZWEn/EP5UWch0RplXW3
lp1GRMKQ2Y4=
=ZU04
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce