OpenShift GitOps / GITOPS-1943

Update base images to fix OpenSSL issue

      Supported OCP versions: 4.7-4.10
      Fixed issues:
      Update base images to the latest version to avoid OpenSSL flaw (CVE-2022-0778)
      Note:
      Switch to the gitops-1.3 channel to install v1.3.7 and receive further updates to v1.3.z during its support time frame.

      A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack. For more information: https://access.redhat.com/security/cve/CVE-2022-0778

      The flaw is present in the versions of the "ubi-minimal" and "httpd-24-rhel7" base images we are using for OpenShift GitOps v1.4.5 and v1.3.6. Update the base images to the latest version to pick up the OpenSSL fix.

              cbanavik Chetan Banavikalmutt