OpenShift GitOps / GITOPS-1951

Update base images to fix OpenSSL issue

Details

      v1.3.8 OCP: 4.6
      Fixed issues:
      Update base images to the latest version to avoid OpenSSL flaw (CVE-2022-0778)
      Note:
      Switch to gitops-1.3 channel to install v1.3.8 and receive further updates to v1.3.z during its support time frame.

    Description

      A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack. For more information: https://access.redhat.com/security/cve/CVE-2022-0778

      The flaw is present in the versions of the "ubi-minimal" and "httpd-24-rhel7" base images that we use for OpenShift GitOps v1.4.5 and v1.3.6. Update the base images to the latest version to resolve the OpenSSL issue.

            People

              cbanavik Chetan Banavikalmutt