A Service Telemetry Framework 1.4 security update has been released.



RHSA-2022:5924-01: Important: Service Telemetry Framework 1.4 security update



=====================================================================
Red Hat Security Advisory

Synopsis: Important: Service Telemetry Framework 1.4 security update
Advisory ID: RHSA-2022:5924-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5924
Issue date: 2022-08-08
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-25032
CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710
CVE-2019-8720 CVE-2019-8743 CVE-2019-8764
CVE-2019-8766 CVE-2019-8769 CVE-2019-8771
CVE-2019-8782 CVE-2019-8783 CVE-2019-8808
CVE-2019-8811 CVE-2019-8812 CVE-2019-8813
CVE-2019-8814 CVE-2019-8815 CVE-2019-8816
CVE-2019-8819 CVE-2019-8820 CVE-2019-8823
CVE-2019-8835 CVE-2019-8844 CVE-2019-8846
CVE-2019-9169 CVE-2019-13050 CVE-2019-13627
CVE-2019-14889 CVE-2019-20454 CVE-2019-20807
CVE-2019-25013 CVE-2020-1730 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-8927 CVE-2020-9802 CVE-2020-9803
CVE-2020-9805 CVE-2020-9806 CVE-2020-9807
CVE-2020-9843 CVE-2020-9850 CVE-2020-9862
CVE-2020-9893 CVE-2020-9894 CVE-2020-9895
CVE-2020-9915 CVE-2020-9925 CVE-2020-9952
CVE-2020-10018 CVE-2020-11793 CVE-2020-13434
CVE-2020-14391 CVE-2020-15358 CVE-2020-15503
CVE-2020-27618 CVE-2020-29361 CVE-2020-29362
CVE-2020-29363 CVE-2021-3326 CVE-2021-3516
CVE-2021-3517 CVE-2021-3518 CVE-2021-3520
CVE-2021-3521 CVE-2021-3537 CVE-2021-3541
CVE-2021-20305 CVE-2021-22946 CVE-2021-22947
CVE-2021-27218 CVE-2021-30666 CVE-2021-30761
CVE-2021-30762 CVE-2021-33928 CVE-2021-33929
CVE-2021-33930 CVE-2021-33938 CVE-2021-36222
CVE-2021-37750 CVE-2022-0778 CVE-2022-1271
CVE-2022-23852 CVE-2022-24407 CVE-2022-30631
=====================================================================

1. Summary:

An update is now available for Service Telemetry Framework 1.4 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Service Telemetry Framework (STF) provides automated collection of
measurements and data from remote clients, such as Red Hat OpenStack
Platform or third-party nodes. STF then transmits the information to a
centralized, receiving Red Hat OpenShift Container Platform (OCP)
deployment for storage, retrieval, and monitoring.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

The Service Telemetry Framework container image provided by this update can
be downloaded from the Red Hat Container Registry at
registry.access.redhat.com. Installation instructions for your platform are
available at Red Hat Container Catalog (see References).
Dockerfiles and scripts should be amended either to refer to this new image
specifically, or to the latest image generally.

4. Bugs fixed (https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. References:

  https://access.redhat.com/security/cve/CVE-2016-10228
  https://access.redhat.com/security/cve/CVE-2017-14502
  https://access.redhat.com/security/cve/CVE-2018-25032
  https://access.redhat.com/security/cve/CVE-2018-1000858
  https://access.redhat.com/security/cve/CVE-2019-8625
  https://access.redhat.com/security/cve/CVE-2019-8710
  https://access.redhat.com/security/cve/CVE-2019-8720
  https://access.redhat.com/security/cve/CVE-2019-8743
  https://access.redhat.com/security/cve/CVE-2019-8764
  https://access.redhat.com/security/cve/CVE-2019-8766
  https://access.redhat.com/security/cve/CVE-2019-8769
  https://access.redhat.com/security/cve/CVE-2019-8771
  https://access.redhat.com/security/cve/CVE-2019-8782
  https://access.redhat.com/security/cve/CVE-2019-8783
  https://access.redhat.com/security/cve/CVE-2019-8808
  https://access.redhat.com/security/cve/CVE-2019-8811
  https://access.redhat.com/security/cve/CVE-2019-8812
  https://access.redhat.com/security/cve/CVE-2019-8813
  https://access.redhat.com/security/cve/CVE-2019-8814
  https://access.redhat.com/security/cve/CVE-2019-8815
  https://access.redhat.com/security/cve/CVE-2019-8816
  https://access.redhat.com/security/cve/CVE-2019-8819
  https://access.redhat.com/security/cve/CVE-2019-8820
  https://access.redhat.com/security/cve/CVE-2019-8823
  https://access.redhat.com/security/cve/CVE-2019-8835
  https://access.redhat.com/security/cve/CVE-2019-8844
  https://access.redhat.com/security/cve/CVE-2019-8846
  https://access.redhat.com/security/cve/CVE-2019-9169
  https://access.redhat.com/security/cve/CVE-2019-13050
  https://access.redhat.com/security/cve/CVE-2019-13627
  https://access.redhat.com/security/cve/CVE-2019-14889
  https://access.redhat.com/security/cve/CVE-2019-20454
  https://access.redhat.com/security/cve/CVE-2019-20807
  https://access.redhat.com/security/cve/CVE-2019-25013
  https://access.redhat.com/security/cve/CVE-2020-1730
  https://access.redhat.com/security/cve/CVE-2020-3862
  https://access.redhat.com/security/cve/CVE-2020-3864
  https://access.redhat.com/security/cve/CVE-2020-3865
  https://access.redhat.com/security/cve/CVE-2020-3867
  https://access.redhat.com/security/cve/CVE-2020-3868
  https://access.redhat.com/security/cve/CVE-2020-3885
  https://access.redhat.com/security/cve/CVE-2020-3894
  https://access.redhat.com/security/cve/CVE-2020-3895
  https://access.redhat.com/security/cve/CVE-2020-3897
  https://access.redhat.com/security/cve/CVE-2020-3899
  https://access.redhat.com/security/cve/CVE-2020-3900
  https://access.redhat.com/security/cve/CVE-2020-3901
  https://access.redhat.com/security/cve/CVE-2020-3902
  https://access.redhat.com/security/cve/CVE-2020-8927
  https://access.redhat.com/security/cve/CVE-2020-9802
  https://access.redhat.com/security/cve/CVE-2020-9803
  https://access.redhat.com/security/cve/CVE-2020-9805
  https://access.redhat.com/security/cve/CVE-2020-9806
  https://access.redhat.com/security/cve/CVE-2020-9807
  https://access.redhat.com/security/cve/CVE-2020-9843
  https://access.redhat.com/security/cve/CVE-2020-9850
  https://access.redhat.com/security/cve/CVE-2020-9862
  https://access.redhat.com/security/cve/CVE-2020-9893
  https://access.redhat.com/security/cve/CVE-2020-9894
  https://access.redhat.com/security/cve/CVE-2020-9895
  https://access.redhat.com/security/cve/CVE-2020-9915
  https://access.redhat.com/security/cve/CVE-2020-9925
  https://access.redhat.com/security/cve/CVE-2020-9952
  https://access.redhat.com/security/cve/CVE-2020-10018
  https://access.redhat.com/security/cve/CVE-2020-11793
  https://access.redhat.com/security/cve/CVE-2020-13434
  https://access.redhat.com/security/cve/CVE-2020-14391
  https://access.redhat.com/security/cve/CVE-2020-15358
  https://access.redhat.com/security/cve/CVE-2020-15503
  https://access.redhat.com/security/cve/CVE-2020-27618
  https://access.redhat.com/security/cve/CVE-2020-29361
  https://access.redhat.com/security/cve/CVE-2020-29362
  https://access.redhat.com/security/cve/CVE-2020-29363
  https://access.redhat.com/security/cve/CVE-2021-3326
  https://access.redhat.com/security/cve/CVE-2021-3516
  https://access.redhat.com/security/cve/CVE-2021-3517
  https://access.redhat.com/security/cve/CVE-2021-3518
  https://access.redhat.com/security/cve/CVE-2021-3520
  https://access.redhat.com/security/cve/CVE-2021-3521
  https://access.redhat.com/security/cve/CVE-2021-3537
  https://access.redhat.com/security/cve/CVE-2021-3541
  https://access.redhat.com/security/cve/CVE-2021-20305
  https://access.redhat.com/security/cve/CVE-2021-22946
  https://access.redhat.com/security/cve/CVE-2021-22947
  https://access.redhat.com/security/cve/CVE-2021-27218
  https://access.redhat.com/security/cve/CVE-2021-30666
  https://access.redhat.com/security/cve/CVE-2021-30761
  https://access.redhat.com/security/cve/CVE-2021-30762
  https://access.redhat.com/security/cve/CVE-2021-33928
  https://access.redhat.com/security/cve/CVE-2021-33929
  https://access.redhat.com/security/cve/CVE-2021-33930
  https://access.redhat.com/security/cve/CVE-2021-33938
  https://access.redhat.com/security/cve/CVE-2021-36222
  https://access.redhat.com/security/cve/CVE-2021-37750
  https://access.redhat.com/security/cve/CVE-2022-0778
  https://access.redhat.com/security/cve/CVE-2022-1271
  https://access.redhat.com/security/cve/CVE-2022-23852
  https://access.redhat.com/security/cve/CVE-2022-24407
  https://access.redhat.com/security/cve/CVE-2022-30631
  https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.