Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Red Hat 3scale API Management
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Red Hat 3scale API Management
ID: RHSA-2021:1129-01
Distribution: Red Hat
Plattformen: Red Hat 3scale API Management
Datum: Do, 8. April 2021, 22:41
Referenzen: https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-25705
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2020-14351
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-7053
https://access.redhat.com/security/cve/CVE-2019-19126
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-19532
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-29661
https://access.redhat.com/security/cve/CVE-2021-20265
https://access.redhat.com/security/cve/CVE-2020-0427
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2020-25656
https://access.redhat.com/security/cve/CVE-2020-25645
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-11756
Applikationen: Red Hat 3scale API Management

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat 3scale API Management 2.10.0 security
 update and release
Advisory ID:       RHSA-2021:1129-01
Product:           3scale API Management
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1129
Issue date:        2021-04-07
CVE Names:         CVE-2018-20843 CVE-2019-5094 CVE-2019-5188 
                   CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 
                   CVE-2019-12749 CVE-2019-14866 CVE-2019-15903 
                   CVE-2019-17006 CVE-2019-17023 CVE-2019-17498 
                   CVE-2019-19126 CVE-2019-19532 CVE-2019-19956 
                   CVE-2019-20388 CVE-2019-20907 CVE-2020-0427 
                   CVE-2020-1971 CVE-2020-6829 CVE-2020-7053 
                   CVE-2020-7595 CVE-2020-8177 CVE-2020-9283 
                   CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 
                   CVE-2020-12402 CVE-2020-12403 CVE-2020-12723 
                   CVE-2020-14040 CVE-2020-14351 CVE-2020-25211 
                   CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 
                   CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 
=====================================================================

1. Summary:

A security update for Red Hat 3scale API Management Platform is now
available from the Red Hat Container Catalog.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat 3scale API Management delivers centralized API management features
through a distributed, cloud-hosted layer. It includes built-in features to
help in building a more successful API program, including access control,
rate limits, payment gateway integration, and developer experience tools.

This advisory is intended to use with container images for Red Hat 3scale
API Management 2.10.0.

Security Fix(es):

* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management
/2.10/html-single/installing_3scale/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519
 public keys allows for panic
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite
 loop in encoding/unicode could lead to crash

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5094
https://access.redhat.com/security/cve/CVE-2019-5188
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-12749
https://access.redhat.com/security/cve/CVE-2019-14866
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2019-17498
https://access.redhat.com/security/cve/CVE-2019-19126
https://access.redhat.com/security/cve/CVE-2019-19532
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-0427
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-7053
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-9283
https://access.redhat.com/security/cve/CVE-2020-12243
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14351
https://access.redhat.com/security/cve/CVE-2020-25211
https://access.redhat.com/security/cve/CVE-2020-25645
https://access.redhat.com/security/cve/CVE-2020-25656
https://access.redhat.com/security/cve/CVE-2020-25705
https://access.redhat.com/security/cve/CVE-2020-28374
https://access.redhat.com/security/cve/CVE-2020-29661
https://access.redhat.com/security/cve/CVE-2021-20265
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYG71etzjgjWX9erEAQjNixAAhj8zh6eSiTxd4KgsaKl8WPwqE4xxDh1f
0UZ8n0GcAAedgOaSxFFc81Khc40Ki/AgUBNscwdLKVrlqDcBHStpQIAhThzIqtfq
OAirtdRE/HOC9TjcR4OV5TTdjGt8A9oZh34OHidQQQEsxHF26BPJ9IdGDV6BGdVi
EQZFcZUFYLgLqca1AcFTC46+SqK1J4Gn6cp7fQ5GOTc6umUQqzU4xk9WFcAcjNWg
v1Fo1ZYiil3BMJC3hQmwXm2HCpoq+Ckri3BrRHsCk2CwxJgAZcgDqxUXkD/4B5OE
j9wswGPziSY0DE+vqR5CK393ZT0WrLj+xUgVnn5cd8XyAroybSVgjJ4lKXyyzCQY
TS3an5vcxZJZK9DfLV/xWt+aOuQ1JIz3FIFQgSHgWqlfszptg2bn4GW2D05VmEV7
NwEma9bjWG6Tr2eyUqNmddVFIlEN+VoGZMBgiKLj5pUFe+Zlp5T76jIXntPdOVgX
nKsil2BMrponU2iIMi7Lkp0yRUKPv8uTTZvfYqtM56U6PXygzC6y+80kfHm6YwRI
NHS7zFxxmsi3Vqo2iN4SfOM75oekIsEjt0s+AD/G+/Jc/2MLa8lMUKpWuutrDzrE
s0gqHMQek8Oj/F1PFoQsSg5K5vwjwqM7NCY6VOQ14YtZeFcfasOemSehzotlOm2e
ifeFFW4W/6s=
=Uuda
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung