CVE-2021-3114

medium
Published 2022-02-17 · Modified 2021-11-09
CVSS v3: -
CVSS v4: -
not yet in upstream
VIR risk: 5.5

Description

RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate)

Predictions

Exploit likelihood: 20%
Patch ETA: -

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata - Red Hat Inc. · Open-Errata-API

Description

golang: crypto/elliptic: incorrect operations on the P-224 curve

Red Hat statement

OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Errata / fixed releases

| Product | Package | Advisory | Released |
| --- | --- | --- | --- |
| Native Client for RHEL 7 for Red Hat Storage | heketi-0:10.4.0-2.el7rhgs | RHSA-2022:0308 | 2022-01-27T00:00:00Z |
| OpenShift Logging 5.0 | openshift-logging/cluster-logging-rhel8-operator:v5.0.2-6 | RHBA-2021:1167 | 2021-04-12T00:00:00Z |
| OpenShift Logging 5.0 | openshift-logging/elasticsearch-proxy-rhel8:v5.0.2-5 | RHBA-2021:1167 | 2021-04-12T00:00:00Z |
| OpenShift Logging 5.0 | openshift-logging/elasticsearch-rhel8-operator:v5.0.2-5 | RHBA-2021:1167 | 2021-04-12T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/client-kn-rhel8:0.16.1-4 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/ingress-rhel8-operator:1.10.2-1 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/knative-rhel8-operator:1.10.2-1 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/kn-cli-artifacts-rhel8:0.16.1-4 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/kourier-control-rhel8:0.16.0-7 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serverless-operator-bundle:1.10.2-4 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serverless-rhel8-operator:1.10.2-1 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-activator-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-autoscaler-hpa-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-autoscaler-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-controller-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-queue-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-storage-version-migration-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/serving-webhook-rhel8:0.16.0-6 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.10 | openshift-serverless-1/svls-must-gather-rhel8:1.10.2-1 | RHSA-2021:2021 | 2021-05-19T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/client-kn-rhel8:0.20.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-controller-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-mtbroker-filter-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-mtbroker-ingress-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-mtchannel-broker-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-mtping-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-storage-version-migration-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-sugar-controller-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/eventing-webhook-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/ingress-rhel8-operator:1.14.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/knative-rhel8-operator:1.14.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/kn-cli-artifacts-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/kourier-control-rhel8:0.20.0-6 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serverless-operator-bundle:1.14.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serverless-rhel8-operator:1.14.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-activator-rhel8:0.20.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-autoscaler-hpa-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-autoscaler-rhel8:0.20.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-controller-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-domain-mapping-rhel8:0.20.0-9 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-domain-mapping-webhook-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-queue-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-storage-version-migration-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serving-webhook-rhel8:0.20.0-8 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/svls-must-gather-rhel8:1.14.0-12 | RHSA-2021:1338 | 2021-04-22T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/knative-rhel8-operator:1.14.1-2 | RHSA-2021:2093 | 2021-05-24T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/kn-cli-artifacts-rhel8:0.20.0-11 | RHSA-2021:2093 | 2021-05-24T00:00:00Z |
| Openshift Serveless 1.14 | openshift-serverless-1/serverless-operator-bundle:1.14.1-3 | RHSA-2021:2093 | 2021-05-24T00:00:00Z |
| Openshift Serverless 1 on RHEL 8 | openshift-serverless-clients-0:0.20.0-6.el8 | RHSA-2021:1339 | 2021-04-22T00:00:00Z |
| Openshift Serverless 1 on RHEL 8 | openshift-serverless-clients-0:0.20.0-7.el8 | RHSA-2021:2095 | 2021-05-24T00:00:00Z |
| Red Hat Enterprise Linux 8 | go-toolset:rhel8-8040020210122160957.9f461222 | RHSA-2021:1746 | 2021-05-18T00:00:00Z |
| Red Hat Enterprise Linux 8 | grafana-0:7.5.9-4.el8 | RHSA-2021:4226 | 2021-11-09T00:00:00Z |
| Red Hat Gluster Storage 3.5 for RHEL 7 | rhgs3/rhgs-gluster-block-prov-rhel7:3.11.8-1 | RHSA-2021:3748 | 2021-10-07T00:00:00Z |
| Red Hat Gluster Storage 3.5 for RHEL 7 | heketi-0:10.4.0-2.el7rhgs | RHSA-2022:0308 | 2022-01-27T00:00:00Z |
| Red Hat OpenShift Container Platform 4.6 | ignition-0:2.6.0-7.rhaos4.6.git947598e.el8 | RHBA-2021:1522 | 2021-05-20T00:00:00Z |
| Red Hat OpenShift Container Platform 4.7 | openshift-0:4.7.0-202103181538.p0.git.97109.7576cdc.el7 | RHSA-2021:0958 | 2021-03-30T00:00:00Z |
| Red Hat OpenShift Container Platform 4.7 | openshift-clients-0:4.7.0-202103191426.p0.git.3953.f3a7513.el7 | RHSA-2021:0958 | 2021-03-30T00:00:00Z |
| Red Hat OpenShift Container Platform 4.7 | cri-o-0:1.20.2-4.rhaos4.7.gitd5a999a.el7 | RHSA-2021:1006 | 2021-04-05T00:00:00Z |

Package state

| Product | Package | State |
| --- | --- | --- |
| OpenShift Serverless | knative-eventing | Affected |
| OpenShift Service Mesh 1 | ior | Out of support scope |
| OpenShift Service Mesh 1 | kiali | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh-cni | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh-grafana | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh-operator | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Out of support scope |
| OpenShift Service Mesh 1 | servicemesh-proxy | Out of support scope |
| OpenShift Service Mesh 2.0 | 3scale-istio-adapter-rhel8-container | Affected |
| OpenShift Service Mesh 2.0 | kiali | Affected |
| OpenShift Service Mesh 2.0 | servicemesh | Affected |
| OpenShift Service Mesh 2.0 | servicemesh-cni | Affected |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected |
| OpenShift Service Mesh 2.0 | servicemesh-operator | Affected |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected |
| OpenShift Service Mesh 2.0 | servicemesh-proxy | Affected |
| Red Hat Ceph Storage 2 | golang | Out of support scope |
| Red Hat Ceph Storage 2 | grafana | Out of support scope |
| Red Hat Ceph Storage 3 | golang | Out of support scope |
| Red Hat Ceph Storage 3 | golang-github-prometheus-node_exporter | Out of support scope |
| Red Hat Ceph Storage 3 | grafana | Affected |
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Will not fix |
| Red Hat Enterprise Linux 7 | buildah | Out of support scope |
| Red Hat Enterprise Linux 7 | compat-sap-c++-7 | Out of support scope |
| Red Hat Enterprise Linux 7 | compat-sap-c++-8 | Out of support scope |
| Red Hat Enterprise Linux 7 | compat-sap-c++-9 | Out of support scope |
| Red Hat Enterprise Linux 7 | docker | Out of support scope |
| Red Hat Enterprise Linux 7 | docker-distribution | Out of support scope |
| Red Hat Enterprise Linux 7 | etcd | Out of support scope |
| Red Hat Enterprise Linux 7 | etcd3 | Out of support scope |
| Red Hat Enterprise Linux 7 | flannel | Out of support scope |
| Red Hat Enterprise Linux 7 | gcc | Not affected |
| Red Hat Enterprise Linux 7 | gcc-libraries | Out of support scope |
| Red Hat Enterprise Linux 7 | golang | Out of support scope |
| Red Hat Enterprise Linux 7 | podman | Out of support scope |
| Red Hat Enterprise Linux 7 | scap-security-guide | Out of support scope |
| Red Hat Enterprise Linux 7 | skopeo | Out of support scope |
| Red Hat Enterprise Linux 8 | compat-sap-c++-9 | Not affected |
| Red Hat Enterprise Linux 8 | container-tools:1.0/buildah | Will not fix |
| Red Hat Enterprise Linux 8 | container-tools:1.0/podman | Out of support scope |
| Red Hat Enterprise Linux 8 | container-tools:1.0/skopeo | Out of support scope |
| Red Hat Enterprise Linux 8 | container-tools:2.0/buildah | Will not fix |
| Red Hat Enterprise Linux 8 | container-tools:2.0/podman | Affected |
| Red Hat Enterprise Linux 8 | container-tools:2.0/skopeo | Affected |
| Red Hat Enterprise Linux 8 | container-tools:rhel8/buildah | Will not fix |
| Red Hat Enterprise Linux 8 | container-tools:rhel8/podman | Affected |
| Red Hat Enterprise Linux 8 | container-tools:rhel8/skopeo | Affected |
| Red Hat Enterprise Linux 8 | gcc | Not affected |
| Red Hat Enterprise Linux 8 | gcc-toolset-10-gcc | Not affected |
| Red Hat Enterprise Linux 8 | gcc-toolset-9-gcc | Not affected |
| Red Hat Enterprise Linux 9 | go-toolset | Not affected |
| Red Hat Enterprise Linux 9 | grafana | Not affected |
| Red Hat OpenShift Container Platform 3.11 | ansible-service-broker | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | apb | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-cluster-autoscaler | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-descheduler | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-dockerregistry | Will not fix |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-metrics-server | Will not fix |

Apply commands

```bash
# Apply RHSA-2022:0308 for Native Client for RHEL 7 for Red Hat Storage
yum update -y heketi
# or:
dnf upgrade -y heketi
```

Affected

| Vendor | Product | Version |
| --- | --- | --- |
| redhat | OpenShift Serverless | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | OpenShift Service Mesh 2.0 | Affected |
| redhat | Red Hat Ceph Storage 3 | Affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform 4 | Not affected |
| redhat | Red Hat OpenShift Container Platform 4 | Affected |
| redhat | Red Hat OpenShift Container Platform Assisted Installer 1 | Affected |
| redhat | Red Hat Openshift Container Storage 4 | Affected |
| redhat | Red Hat Openshift Container Storage 4 | Affected |

OS impact

| Distribution | Version | Status | Fixed in |
| --- | --- | --- | --- |
| SUSE | - | Affected | - |
| Arch | - | Fixed | 2:1.15.7-1 |
| Debian | bullseye | Fixed | 1.15.7-1 |
| Red Hat | 8 | Fixed | - |
| Rocky Linux | 8 | Fixed | - |

Package impact

| Ecosystem | Package | Vulnerable | Fixed |
| --- | --- | --- | --- |
| golang (Go) | stdlib | >=1.15.0-0,<1.15.7 | 1.14.14 |
