Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF-16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. Upstream Reference: https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0?pli=1
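A dependency check for the fix boundary stated in this report, given here as an added example that is not part of the original bug report or of the Go project's code: it flags `golang.org/x/text` versions below v0.3.3 named in `go.mod` text. The function names `vulnerable` and `scan` and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const modPath = "golang.org/x/text"
var fixed = [3]int{0, 3, 3} // v0.3.3, the fixed release named in the report

// vulnerable reports whether v sorts before v0.3.3. Pseudo-versions and
// pre-releases of v0.3.3, and any component that fails to parse, are
// flagged so that they get a manual review.
func vulnerable(v string) bool {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	parts := strings.Split(core, ".")
	if len(parts) != 3 {
		return true
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return true
		}
		if n != fixed[i] {
			return n < fixed[i]
		}
	}
	return pre
}

// scan returns the x/text versions below v0.3.3 named in go.mod text.
func scan(gomod string) []string {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] == modPath && strings.HasPrefix(f[i+1], "v") && vulnerable(f[i+1]) {
				hits = append(hits, f[i+1])
			}
		}
	}
	return hits
}

func main() {
	sample := "require (\n\tgolang.org/x/text v0.3.2 // indirect\n)\n" // constructed go.mod content
	fmt.Println(scan(sample))
}
```

A `go.mod` file only names direct and recorded indirect requirements, so a vendored copy of x/text should be checked separately.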
Created golang tracking bugs for this issue: Affects: epel-all [bug 1853654] Affects: fedora-all [bug 1853653]
Git commit: https://go-review.googlesource.com/c/text/+/238238
Statement: OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.
External References: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 https://github.com/golang/go/issues/39491
This issue has been addressed in the following products: Jaeger-1.17 Via RHSA-2020:3087 https://access.redhat.com/errata/RHSA-2020:3087
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14040
This issue has been addressed in the following products: OpenShift Service Mesh 1.1 OpenShift Service Mesh 1.1 Via RHSA-2020:3369 https://access.redhat.com/errata/RHSA-2020:3369
This issue has been addressed in the following products: OpenShift Service Mesh 1.0 Via RHSA-2020:3372 https://access.redhat.com/errata/RHSA-2020:3372
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3665 https://access.redhat.com/errata/RHSA-2020:3665
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:3578 https://access.redhat.com/errata/RHSA-2020:3578
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2020:3727 https://access.redhat.com/errata/RHSA-2020:3727
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:3780 https://access.redhat.com/errata/RHSA-2020:3780
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.4 Via RHSA-2020:3783 https://access.redhat.com/errata/RHSA-2020:3783
This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2020:4214 https://access.redhat.com/errata/RHSA-2020:4214
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:4297 https://access.redhat.com/errata/RHSA-2020:4297
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4694 https://access.redhat.com/errata/RHSA-2020:4694
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:5054 https://access.redhat.com/errata/RHSA-2020:5054
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:5055 https://access.redhat.com/errata/RHSA-2020:5055
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extras Via RHSA-2020:5056 https://access.redhat.com/errata/RHSA-2020:5056
This issue has been addressed in the following products: OpenShift Serverless 1.11 Via RHSA-2020:5149 https://access.redhat.com/errata/RHSA-2020:5149
This issue has been addressed in the following products: Red Hat OpenShift Jaeger 1.20 Via RHSA-2020:5198 https://access.redhat.com/errata/RHSA-2020:5198
This issue has been addressed in the following products: Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 Via RHSA-2020:5606 https://access.redhat.com/errata/RHSA-2020:5606
This issue has been addressed in the following products: Red Hat OpenShift Container Storage 4.6.0 on RHEL-8 Via RHSA-2020:5605 https://access.redhat.com/errata/RHSA-2020:5605
This issue has been addressed in the following products: Red Hat Quay 3 Via RHSA-2021:0420 https://access.redhat.com/errata/RHSA-2021:0420
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2020:5635 https://access.redhat.com/errata/RHSA-2020:5635
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.7 Via RHSA-2020:5633 https://access.redhat.com/errata/RHSA-2020:5633
This issue has been addressed in the following products: RHEL-8-CNV-2.6 Via RHSA-2021:0799 https://access.redhat.com/errata/RHSA-2021:0799
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 7 Via RHSA-2021:0980 https://access.redhat.com/errata/RHSA-2021:0980
This issue has been addressed in the following products: 3scale API Management Via RHSA-2021:1129 https://access.redhat.com/errata/RHSA-2021:1129
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7 Via RHSA-2021:1168 https://access.redhat.com/errata/RHSA-2021:1168
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8 Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 7 Via RHSA-2021:1369 https://access.redhat.com/errata/RHSA-2021:1369
This issue has been addressed in the following products: Red Hat Integration Via RHSA-2021:2039 https://access.redhat.com/errata/RHSA-2021:2039
This issue has been addressed in the following products: Red Hat Fuse 7.9 Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140