Red Hat 9062 Published by

A Self Node Remediation Operator 0.4.1 security update has been released.



RHSA-2022:6184-01: Important: Self Node Remediation Operator 0.4.1 security update



=====================================================================
Red Hat Security Advisory

Synopsis: Important: Self Node Remediation Operator 0.4.1 security update
Advisory ID: RHSA-2022:6184-01
Product: RHWA
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:6184
Issue date: 2022-08-25
CVE Names: CVE-2022-1292 CVE-2022-1586 CVE-2022-1785
CVE-2022-1897 CVE-2022-1927 CVE-2022-2068
CVE-2022-2097 CVE-2022-30631
=====================================================================

1. Summary:

This is an updated release of the Self Node Remediation Operator. The Self
Node Remediation Operator replaces the Poison Pill Operator, and is
delivered by Red Hat Workload Availability.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

The Self Node Remediation Operator works in conjunction with the Machine
Health Check or the Node Health Check Operators to provide automatic
remediation of unhealthy nodes by rebooting them. This minimizes downtime
for stateful applications and RWO volumes, as well as restoring compute
capacity in the event of transient failures.

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, see the CVE page(s)
listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, see:

  https://access.redhat.com/articles/11258

4. Bugs fixed (  https://bugzilla.redhat.com/):

2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. References:

  https://access.redhat.com/security/cve/CVE-2022-1292
  https://access.redhat.com/security/cve/CVE-2022-1586
  https://access.redhat.com/security/cve/CVE-2022-1785
  https://access.redhat.com/security/cve/CVE-2022-1897
  https://access.redhat.com/security/cve/CVE-2022-1927
  https://access.redhat.com/security/cve/CVE-2022-2068
  https://access.redhat.com/security/cve/CVE-2022-2097
  https://access.redhat.com/security/cve/CVE-2022-30631
  https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.