
Red Hat OpenShift Serverless 1.9.0 RHSA-2021:0072-01 Moderate DoS Threat

January 11, 2021
OpenShift Serverless 1.9.0 includes security updates rated Moderate that address vulnerabilities which could affect operational security.
OpenShift Serverless 1.9.0 release and security update is now available.

Solution

See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index

Summary

Red Hat OpenShift Serverless 1.9.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5.
Security Fix(es):
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-16845
https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2021:0072-01
Product: Red Hat OpenShift Serverless
Issue date: 2021-01-11

Topic

OpenShift Serverless 1.9.0 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS

1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
