Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat: RHSA-2021:0146 Moderate: OpenShift Serverless Client Update

red hat
Calendar Grey January 14, 2021
Dist Redhat Esm H88
The OpenShift Serverless CLI from Red Hat has released an update addressing various moderate-level security vulnerabilities present in version 1.12.0.
Red Hat OpenShift Serverless Client kn 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate

Solution

See the documentation at: https://docs.redhat.com/en/documentation/openshift_container_platform/4.21 4.6/html/serverless_applications/index

Summary

Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Red Hat OpenShift Serverless Client kn 1.12.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.12.0, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553)
* golang: math/big: panic during recursive division of very large numbers(CVE-2020-28362)
* golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366)
* golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue Red Hat moderate impact Moderate OpenShift Red Hat OpenShift Serverless Client Update CLI update Red Hat advisory

References

https://access.redhat.com/security/cve/CVE-2020-24553 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-28366 https://access.redhat.com/security/cve/CVE-2020-28367 https://access.redhat.com/security/updates/classification#moderate

Package List

Openshift Serverless 1 on RHEL 8Base:
Source: openshift-serverless-clients-0.18.4-2.el8.src.rpm
x86_64: openshift-serverless-clients-0.18.4-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:0145-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0145
Issue date: 2021-01-14

Topic

Red Hat OpenShift Serverless Client kn 1.12.0Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for eachvulnerability. For more information, see the CVE links in the Referencessection.

Topics%20covered

Topics Covered

security advisory security issue Red Hat moderate impact Moderate OpenShift Red Hat OpenShift Serverless Client Update CLI update Red Hat advisory

Relevant Releases Architectures

Openshift Serverless 1 on RHEL 8Base - x86_64

Bugs Fixed

1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time

1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time

1906386 - Release of OpenShift Serverless Client 1.12.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here