ID

VAR-202103-1464

CVE

CVE-2021-3449

TITLE

Red Hat Security Advisory 2021-3016-01

DESCRIPTION

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 5. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718) * jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719) * jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360) * jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361) * jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189) * jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190) * jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720) * jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1232 All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2021:1189-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:1189 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ===================================================================== 1. Summary: An update is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 3. Description: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Changes to the redhat-release-virtualization-host component: * Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. In this release, the redhat-support-tool has been added. (BZ#1928607) Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 The system must be rebooted for this update to take effect. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition 1895832 - RHVH 4.4.3: No response when clicking button "Help" in Anaconda GUI 1907306 - "sysstat" doesn't collect data for upgraded RHVH 1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade 1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. 1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError 1927395 - RHVH, protecting key packages from being removed. 1928607 - redhat-support-tool is missing from latest RHV-H 4.4 1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async 1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3 6. Package List: Red Hat Virtualization 4 Hypervisor for RHEL 8: Source: boost-1.66.0-10.el8.src.rpm dyninst-10.1.0-4.el8.src.rpm gcc-8.3.1-5.1.el8.src.rpm isl-0.16.1-6.el8.src.rpm libmpc-1.0.2-9.el8.src.rpm libxcrypt-4.1.1-4.el8.src.rpm make-4.2.1-10.el8.src.rpm redhat-virtualization-host-4.4.5-20210330.0.el8_3.src.rpm tbb-2018.2-9.el8.src.rpm zip-3.0-23.el8.src.rpm noarch: redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch.rpm vim-filesystem-8.0.1763-15.el8.noarch.rpm x86_64: boost-atomic-debuginfo-1.66.0-10.el8.x86_64.rpm boost-chrono-debuginfo-1.66.0-10.el8.x86_64.rpm boost-container-debuginfo-1.66.0-10.el8.x86_64.rpm boost-context-debuginfo-1.66.0-10.el8.x86_64.rpm boost-coroutine-debuginfo-1.66.0-10.el8.x86_64.rpm boost-date-time-1.66.0-10.el8.x86_64.rpm boost-date-time-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debuginfo-1.66.0-10.el8.x86_64.rpm boost-debugsource-1.66.0-10.el8.x86_64.rpm boost-doctools-debuginfo-1.66.0-10.el8.x86_64.rpm boost-fiber-debuginfo-1.66.0-10.el8.x86_64.rpm boost-filesystem-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-graph-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-iostreams-debuginfo-1.66.0-10.el8.x86_64.rpm boost-locale-debuginfo-1.66.0-10.el8.x86_64.rpm boost-log-debuginfo-1.66.0-10.el8.x86_64.rpm boost-math-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-debuginfo-1.66.0-10.el8.x86_64.rpm boost-mpich-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-numpy3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-debuginfo-1.66.0-10.el8.x86_64.rpm boost-openmpi-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-program-options-debuginfo-1.66.0-10.el8.x86_64.rpm boost-python3-debuginfo-1.66.0-10.el8.x86_64.rpm boost-random-debuginfo-1.66.0-10.el8.x86_64.rpm boost-regex-debuginfo-1.66.0-10.el8.x86_64.rpm boost-serialization-debuginfo-1.66.0-10.el8.x86_64.rpm boost-signals-debuginfo-1.66.0-10.el8.x86_64.rpm boost-stacktrace-debuginfo-1.66.0-10.el8.x86_64.rpm boost-system-debuginfo-1.66.0-10.el8.x86_64.rpm boost-test-debuginfo-1.66.0-10.el8.x86_64.rpm boost-thread-debuginfo-1.66.0-10.el8.x86_64.rpm boost-timer-debuginfo-1.66.0-10.el8.x86_64.rpm boost-type_erasure-debuginfo-1.66.0-10.el8.x86_64.rpm boost-wave-debuginfo-1.66.0-10.el8.x86_64.rpm bpftool-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm compat-libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm cpp-8.3.1-5.1.el8.x86_64.rpm cpp-debuginfo-8.3.1-5.1.el8.x86_64.rpm dyninst-10.1.0-4.el8.x86_64.rpm dyninst-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-debugsource-10.1.0-4.el8.x86_64.rpm dyninst-devel-debuginfo-10.1.0-4.el8.x86_64.rpm dyninst-testsuite-debuginfo-10.1.0-4.el8.x86_64.rpm gcc-8.3.1-5.1.el8.x86_64.rpm gcc-c++-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-debugsource-8.3.1-5.1.el8.x86_64.rpm gcc-gdb-plugin-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-gfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm gcc-plugin-devel-debuginfo-8.3.1-5.1.el8.x86_64.rpm glibc-debuginfo-2.28-127.el8_3.2.x86_64.rpm glibc-debuginfo-common-2.28-127.el8_3.2.x86_64.rpm glibc-devel-2.28-127.el8_3.2.x86_64.rpm glibc-headers-2.28-127.el8_3.2.x86_64.rpm isl-0.16.1-6.el8.x86_64.rpm isl-debugsource-0.16.1-6.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm kernel-tools-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm libasan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libatomic-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgcc-8.3.1-5.1.el8.x86_64.rpm libgcc-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgfortran-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-8.3.1-5.1.el8.x86_64.rpm libgomp-debuginfo-8.3.1-5.1.el8.x86_64.rpm libgomp-offload-nvptx-debuginfo-8.3.1-5.1.el8.x86_64.rpm libitm-debuginfo-8.3.1-5.1.el8.x86_64.rpm liblsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libmpc-1.0.2-9.el8.x86_64.rpm libmpc-debuginfo-1.0.2-9.el8.x86_64.rpm libmpc-debugsource-1.0.2-9.el8.x86_64.rpm libquadmath-debuginfo-8.3.1-5.1.el8.x86_64.rpm libstdc++-debuginfo-8.3.1-5.1.el8.x86_64.rpm libtsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libubsan-debuginfo-8.3.1-5.1.el8.x86_64.rpm libxcrypt-debugsource-4.1.1-4.el8.x86_64.rpm libxcrypt-devel-4.1.1-4.el8.x86_64.rpm make-4.2.1-10.el8.x86_64.rpm make-debugsource-4.2.1-10.el8.x86_64.rpm perf-4.18.0-240.22.1.el8_3.x86_64.rpm perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm python3-perf-debuginfo-4.18.0-240.22.1.el8_3.x86_64.rpm tbb-2018.2-9.el8.x86_64.rpm tbb-debugsource-2018.2-9.el8.x86_64.rpm vim-X11-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-common-8.0.1763-15.el8.x86_64.rpm vim-common-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-debugsource-8.0.1763-15.el8.x86_64.rpm vim-enhanced-8.0.1763-15.el8.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-15.el8.x86_64.rpm vim-minimal-debuginfo-8.0.1763-15.el8.x86_64.rpm zip-3.0-23.el8.x86_64.rpm zip-debugsource-3.0-23.el8.x86_64.rpm RHEL 8-based RHEV-H for RHEV 4 (build requirements): Source: imgbased-1.2.18-0.1.el8ev.src.rpm redhat-release-virtualization-host-4.4.5-4.el8ev.src.rpm scap-security-guide-0.1.50-1.el8ev.src.rpm noarch: imgbased-1.2.18-0.1.el8ev.noarch.rpm python3-imgbased-1.2.18-0.1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch.rpm scap-security-guide-rhv-0.1.50-1.el8ev.noarch.rpm x86_64: redhat-release-virtualization-host-4.4.5-4.el8ev.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYHbW2dzjgjWX9erEAQhrvQ//VGyhTZ32NVUTnNMVVaHZyN5HL2Gt7CRG sOA8Z7hKGGPq8nHZEeTtk2KBpxaLLzVHxKmILtnsRTlRqq2s4BSgd9j7YhNvTlZe kK6Y3ovcWBKdqqui2ezZz9WFmKbQ5yjJImMo+TfyAS0D1RLwxNyKzDyYDCIZuO03 1AcV0ILWSVpaEKRrjOX6S0VnmMR0hqf4JmgLk8/ePv3wp+vd5voeIymWDPy6KrPW 0WS6NLHHNGucnzKXiRglwLeWKCYdQ+MCewkLKch/4eQPI28+N72dEgI9nhbZMind khmKrnPDt5CIS9aWNmm+B/pWHZB1kEFt6hls/+xn2aXvrHxGgj6aTyl1peMhxYwA bvlQx+p1jOOREgtvnQHwemAVEuZByW4QFWqdZn/BIqbImTjxlawqYRwHjWpOvMfo Z6l7kiG86TsEWj/QJGAoRvwmqer7pWrttVeUivFBNmUhgZ8lEIMT3MkULY8VBJp+ PrwbQwfpMn38PZbnl/DT3A0aSgZ1Q1uQZooW8B6zBKYUdgwTU8impaBaKfyM9QRq hCqHX42S4b/tNZhy64hlfkv24kei4RqgI4sGVeDfSA/tWzdgvBghQ1pOEhlPY4MH jINgKocRD1f08X0meBmqk4IuoZdWkUrGgvprmT81At4ZF3omaQ1amKj1HhXpmJVa da5fQnRzZzc= =xbcY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

code execution

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-09-17T20:06:39.515000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE