-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless 1.11.0
Advisory ID:       RHSA-2020:5149-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5149
Issue date:        2020-11-18
CVE Names:         CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 
                   CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 
                   CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 
                   CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 
                   CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 
                   CVE-2019-20454 CVE-2019-20907 CVE-2019-20916 
                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 
                   CVE-2020-6405 CVE-2020-7595 CVE-2020-8177 
                   CVE-2020-8492 CVE-2020-9327 CVE-2020-10029 
                   CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 
                   CVE-2020-14040 CVE-2020-14422 
====================================================================
1. Summary:

Release of OpenShift Serverless 1.11.0

2. Description:

Red Hat OpenShift Serverless 1.11.0 is a generally available release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform version 4.6.

Security Fix(es): 
 * golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1889831 - Release of OpenShift Serverless Serving 1.11.0
1889833 - Release of OpenShift Serverless Eventing 1.11.0

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX7U50tzjgjWX9erEAQiVDRAAlUzM2NA7x7TjcdwED8FCEf+zjqRn/Mpd
H5kTJZnBSW4MOVc0EP1oG7b69MSREdcWszbyJBpENDvJrwJZ2KjtetJ9tudvrJyc
NhQH2kg/wBJufbv7IIDtYYbaMgqqERyTM4OevNe1mCH3/yFJHmVo33WeIP7OQ2me
hWmTG1uVb1TdFIt4yevH9KJUP/uVYJhKpuDTd7jk4zfKhX/a3UjmoF1WPnorJvD0
pkOgwGlkY27o2a1WKjrQHxAecHDXwHZPjLkyhP/GFKhatqDQsAQPKF8GrXq+vX8r
pEWUjVY25wncy49wOrm9V5fPLs/UB2QBesyr7p18WyirA2u6s4vkDnk10CFDxHTv
g57Kz+tVbM93zQ+j5mYguy2cWr19Rip0BCziB6pUG6BNHmFyoLakNj1FIQrk1QXP
cpSCl1WoCFB35plCwgIBd6LI1Oesw7NfyKlSkYYrT88p9B33ZSxMoTvgBqg4SUqf
ijT6SbhqASId3zjUwZjSAeChbmiFkkLDWgsSiX5xfAFkhkVjzX8BPdekVTBY97XX
lCoAW2hbsyDvLr9B2PrUw6TsuQS5aSQ1F/YK3jxybuVY6RyhfGQ9iMKUhErEl+2Z
3uEtKaeDvJ9JOJLln2UIs86FUeRxgt+HUJsN4Lk0aEbEeMNjlhekGVdKjoFt26Du
PQ+QvoHSnZQ=M5kM
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-5149:01 Moderate: Release of OpenShift Serverless 1.11.0

Release of OpenShift Serverless 1.11.0 2

Summary

Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6.
Security Fix(es): * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.



Summary


Solution

See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index

References

https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-1551 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2020:5149-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5149
Issued Date: : 2020-11-18
CVE Names: CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-6405 CVE-2020-7595 CVE-2020-8177 CVE-2020-8492 CVE-2020-9327 CVE-2020-10029 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 CVE-2020-14422

Topic

Release of OpenShift Serverless 1.11.0


Topic


 

Relevant Releases Architectures


Bugs Fixed

1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

1889831 - Release of OpenShift Serverless Serving 1.11.0

1889833 - Release of OpenShift Serverless Eventing 1.11.0


Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved