-
Bug
-
Resolution: Done
-
Major
-
None
-
False
-
None
-
False
-
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack. For more information: https://access.redhat.com/security/cve/CVE-2022-0778
The flaw is in the version of "ubi-minimal" and "httpd-24-rhel7" base images we are using for OpenShift GitOps v1.4.5 and v1.3.6. Update the base images to the latest version in order to overcome the OpenSSL issue.
- is cloned by
-
GITOPS-1944 Update base images to fix OpenSSL issue
- Closed
-
GITOPS-1951 Update base images to fix OpenSSL issue
- Closed