Linux Security

    RedHat: RHSA-2021-0145:01 Moderate: Red Hat OpenShift Serverless Client kn

    Date 14 Jan 2021
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat OpenShift Serverless Client kn 1.12.0
    Advisory ID:       RHSA-2021:0145-01
    Product:           Red Hat OpenShift Serverless
    Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0145
    Issue date:        2021-01-14
    CVE Names:         CVE-2020-24553 CVE-2020-28362 CVE-2020-28366 
                       CVE-2020-28367 
    =====================================================================
    
    1. Summary:
    
    Red Hat OpenShift Serverless Client kn 1.12.0
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each
    vulnerability. For more information, see the CVE links in the References
    section.
    
    2. Relevant releases/architectures:
    
    Openshift Serverless 1 on RHEL 8Base - x86_64
    
    3. Description:
    
    Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package
    for installation on RHEL platforms, and as binaries for non-Linux
    platforms.
    
    Red Hat OpenShift Serverless Client kn 1.12.0 provides a CLI to interact
    with Red Hat OpenShift Serverless 1.12.0, and includes security and bug
    fixes and enhancements. For more information, see the release notes listed
    in the References section.
    
    Security Fix(es):
    
    * golang: default Content-Type setting in net/http/cgi and net/http/fcgi
    could cause XSS (CVE-2020-24553)
    
    * golang: math/big: panic during recursive division of very large numbers
    (CVE-2020-28362)
    
    * golang: malicious symbol names can lead to code execution at build time
    (CVE-2020-28366)
    
    * golang: improper validation of cgo flags can lead to code execution at
    build time (CVE-2020-28367)
    
    For more details about the security issues and their impact, the CVSS
    score, acknowledgements, and other related information, see the CVE pages
    listed in the References section.
    
    4. Solution:
    
    See the documentation at:
    https://access.redhat.com/documentation/en-us/openshift_container_platform/
    4.6/html/serverless_applications/index
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
    1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
    1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
    1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time
    1906386 - Release of OpenShift Serverless Client 1.12.0
    
    6. Package List:
    
    Openshift Serverless 1 on RHEL 8Base:
    
    Source:
    openshift-serverless-clients-0.18.4-2.el8.src.rpm
    
    x86_64:
    openshift-serverless-clients-0.18.4-2.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
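An added check, not part of the Red Hat advisory, that tells whether an installed openshift-serverless-clients build predates the fixed 0.18.4-2.el8 package listed above; it uses a simplified form of rpm's label comparison, and the rpm query and the sample version strings are assumptions/constructed.

```python
"""Compare an installed openshift-serverless-clients build against the
fixed build from RHSA-2021:0145 (constructed example, not Red Hat code)."""
import re
import subprocess

# Fixed build from the advisory's Package List (RHEL 8, x86_64); epoch ignored.
FIXED_NEVR = "openshift-serverless-clients-0.18.4-2.el8"


def _segments(label):
    # rpm tokenises a label into runs of digits and runs of letters; separators are dropped.
    return re.findall(r"\d+|[a-zA-Z]+", label)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare numerically, alpha segments
    lexically, numeric beats alpha, and the longer label wins a tie. Returns -1/0/1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif xn != yn:
            return 1 if xn else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nevr(nevr):
    # "name-version-release" where name itself may contain dashes.
    name, ver, rel = nevr.rsplit("-", 2)
    return name, ver, rel


def is_vulnerable(installed_nevr, fixed_nevr=FIXED_NEVR):
    """True when the installed build sorts before the fixed build."""
    n1, v1, r1 = split_nevr(installed_nevr)
    n2, v2, r2 = split_nevr(fixed_nevr)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    return (rpm_vercmp(v1, v2) or rpm_vercmp(r1, r2)) < 0


def installed_nevr(pkg="openshift-serverless-clients"):
    """Query the local rpm database; None if rpm or the package is absent (assumed query)."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}", pkg],
                             capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return out.stdout.strip() if out.returncode == 0 else None


if __name__ == "__main__":
    cur = installed_nevr()
    print("not installed / no rpm" if cur is None else f"{cur}: vulnerable={is_vulnerable(cur)}")
```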
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-24553
    https://access.redhat.com/security/cve/CVE-2020-28362
    https://access.redhat.com/security/cve/CVE-2020-28366
    https://access.redhat.com/security/cve/CVE-2020-28367
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/installing-openshift-serverless-1#installing-kn
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2021 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
