Linux Security

    RedHat: RHSA-2021-0146:01 Moderate: Release of OpenShift Serverless 1.12.0

    Date 14 Jan 2021
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Release of OpenShift Serverless 1.12.0
    Advisory ID:       RHSA-2021:0146-01
    Product:           Red Hat OpenShift Serverless
    Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0146
    Issue date:        2021-01-14
    CVE Names:         CVE-2018-20843 CVE-2019-5018 CVE-2019-13050 
                       CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 
                       CVE-2019-16168 CVE-2019-19221 CVE-2019-19906 
                       CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 
                       CVE-2019-20388 CVE-2019-20454 CVE-2020-1730 
                       CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 
                       CVE-2020-6405 CVE-2020-7595 CVE-2020-9327 
                       CVE-2020-10029 CVE-2020-13630 CVE-2020-13631 
                       CVE-2020-13632 CVE-2020-24553 CVE-2020-24659 
                       CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 
    =====================================================================
    
    1. Summary:
    
    Release of OpenShift Serverless 1.12.0
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each
    vulnerability. For more information, see the CVE links in the References
    section.
    
    2. Description:
    
    Red Hat OpenShift Serverless 1.12.0 is a generally available release of the
    OpenShift Serverless Operator. This version of the OpenShift Serverless
    Operator is supported on Red Hat OpenShift Container Platform version 4.6,
    and includes security and bug fixes and enhancements. For more information,
    see the documentation listed in the References section.
    
    Security Fix(es):
    
    * golang: default Content-Type setting in net/http/cgi and net/http/fcgi
    could cause XSS (CVE-2020-24553)
    
    * golang: math/big: panic during recursive division of very large numbers
    (CVE-2020-28362)
    
    * golang: malicious symbol names can lead to code execution at build time
    (CVE-2020-28366)
    
    * golang: improper validation of cgo flags can lead to code execution at
    build time (CVE-2020-28367)
    
    For more details about the security issues and their impact, the CVSS
    score, acknowledgements, and other related information, see the CVE pages
    listed in the References section.
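The first fix listed above (CVE-2020-24553) concerns what a CGI or FastCGI gateway does when the script it runs emits no Content-Type header: falling back to text/html means any request text the script echoes is rendered by the browser as markup. The Go program below is an added example and is not part of this advisory, of OpenShift Serverless, or of the Go standard library. It parses a constructed sample of CGI script output and contrasts the old text/html fallback with the hardened handling that the upstream fix adopted, deriving the type from the body with http.DetectContentType and adding X-Content-Type-Options: nosniff. The names CGIResponse, ParseCGIOutput, LegacyContentType and HardenedHeaders are hypothetical; the sample headers and body are constructed for the example.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/textproto"
)

// CGIResponse is the header block plus body that a CGI-style script writes to
// its stdout; the gateway turns this into an HTTP response.
type CGIResponse struct {
	Header http.Header
	Body   []byte
}

// ParseCGIOutput splits raw script output into its MIME header block and the
// body that follows the first blank line. Header keys are canonicalised by
// textproto, so "content-type:" and "Content-Type:" are treated alike.
func ParseCGIOutput(raw []byte) (CGIResponse, error) {
	r := bufio.NewReader(bytes.NewReader(raw))
	hdr, err := textproto.NewReader(r).ReadMIMEHeader()
	if err != nil {
		return CGIResponse{}, err
	}
	body, err := io.ReadAll(r)
	if err != nil {
		return CGIResponse{}, err
	}
	return CGIResponse{Header: http.Header(hdr), Body: body}, nil
}

// LegacyContentType mirrors the pre-fix behaviour the advisory describes:
// a missing Content-Type silently became text/html, so text the script
// echoed from the request was interpreted by the browser as markup.
func LegacyContentType(resp CGIResponse) string {
	if ct := resp.Header.Get("Content-Type"); ct != "" {
		return ct
	}
	return "text/html"
}

// HardenedHeaders returns the headers a gateway should send instead: when the
// script set no Content-Type, derive one from the body with
// http.DetectContentType rather than assuming HTML, and add
// X-Content-Type-Options: nosniff so the browser honours the declared type.
// The script's own headers are left untouched (a copy is returned).
func HardenedHeaders(resp CGIResponse) http.Header {
	h := resp.Header.Clone()
	if h == nil {
		h = http.Header{}
	}
	if h.Get("Content-Type") == "" {
		h.Set("Content-Type", http.DetectContentType(resp.Body))
	}
	if h.Get("X-Content-Type-Options") == "" {
		h.Set("X-Content-Type-Options", "nosniff")
	}
	return h
}

func main() {
	// Constructed sample: a script that echoes request text without declaring
	// a Content-Type, which is the situation the advisory describes.
	raw := []byte("Status: 200 OK\r\nX-Script: demo\r\n\r\nhello, <b>reader</b>")
	resp, err := ParseCGIOutput(raw)
	if err != nil {
		panic(err)
	}
	fmt.Println("legacy  :", LegacyContentType(resp))
	h := HardenedHeaders(resp)
	fmt.Println("hardened:", h.Get("Content-Type"), "/", h.Get("X-Content-Type-Options"))
}
```

For the sample body the legacy path yields text/html while the hardened path yields text/plain; charset=utf-8 with nosniff set. Detection only narrows the exposure: a body that itself begins with an HTML tag still sniffs as text/html, so the script declaring an explicit Content-Type remains the real fix, and the nosniff header is what stops the browser from overriding whatever type the gateway declares.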
    
    3. Solution:
    
    See the documentation at:
    https://access.redhat.com/documentation/en-us/openshift_container_platform/
    4.6/html/serverless_applications/index
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
    1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
    1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
    1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time
    1906381 - Release of OpenShift Serverless Serving 1.12.0
    1906382 - Release of OpenShift Serverless Eventing 1.12.0
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2018-20843
    https://access.redhat.com/security/cve/CVE-2019-5018
    https://access.redhat.com/security/cve/CVE-2019-13050
    https://access.redhat.com/security/cve/CVE-2019-13627
    https://access.redhat.com/security/cve/CVE-2019-14889
    https://access.redhat.com/security/cve/CVE-2019-15903
    https://access.redhat.com/security/cve/CVE-2019-16168
    https://access.redhat.com/security/cve/CVE-2019-19221
    https://access.redhat.com/security/cve/CVE-2019-19906
    https://access.redhat.com/security/cve/CVE-2019-19956
    https://access.redhat.com/security/cve/CVE-2019-20218
    https://access.redhat.com/security/cve/CVE-2019-20387
    https://access.redhat.com/security/cve/CVE-2019-20388
    https://access.redhat.com/security/cve/CVE-2019-20454
    https://access.redhat.com/security/cve/CVE-2020-1730
    https://access.redhat.com/security/cve/CVE-2020-1751
    https://access.redhat.com/security/cve/CVE-2020-1752
    https://access.redhat.com/security/cve/CVE-2020-1971
    https://access.redhat.com/security/cve/CVE-2020-6405
    https://access.redhat.com/security/cve/CVE-2020-7595
    https://access.redhat.com/security/cve/CVE-2020-9327
    https://access.redhat.com/security/cve/CVE-2020-10029
    https://access.redhat.com/security/cve/CVE-2020-13630
    https://access.redhat.com/security/cve/CVE-2020-13631
    https://access.redhat.com/security/cve/CVE-2020-13632
    https://access.redhat.com/security/cve/CVE-2020-24553
    https://access.redhat.com/security/cve/CVE-2020-24659
    https://access.redhat.com/security/cve/CVE-2020-28362
    https://access.redhat.com/security/cve/CVE-2020-28366
    https://access.redhat.com/security/cve/CVE-2020-28367
    https://access.redhat.com/security/updates/classification/#moderate
    https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2021 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBYAB9FtzjgjWX9erEAQhy4w/8DkWBfDN8NTwDn5G3DQm7avlhwkCoRMUQ
    Vt2xCRU6oj06m1xmmixHjbXldN9E8xmJCA9MPfRolKfqFvgxgLs0ZfQNo51qZu2B
    IlnB/flgg2xT6j5LRSB6gUILkgeKnnTQOoldrc6W4snz+TwPxVUDGLWx4UlaO2n1
    giniC6RESaACoMBZYijKjaM/PAo665Fajfs91bgcg7YnnYtu6Zbs561CoRDg7rR1
    nC9zqJDfPQXj01GhKqkscVxDjhWRxo9Dvk7bdT9fSMK9o6EZiRnE4HXNm4FjzLIw
    FXQ1Pd7T6Car3iwN0ZMRLn/aEYPzc3h4d3tAMQj+NwHLX0MnXB61+e2bkoFGEluF
    PCTis0uhfQaL9unbrQ1NVKMMcbbztlGh9hjY//RLX/aTvYrGqi2sBlnA6n14dRPy
    rc6fdK3GdVI4doC1SnIMI7ZvWv3Jt5Wq5l/AnxWm/+pn68ibIMPyC0vU82bffUtA
    aiei6JPY7u3O+JqrlQYVQ2tICySnM2bEbP98emg0bedzkD9JfFOQpg8sxkm+V1qm
    Tu2xl/v5jHr70nICzVUF3paztwCvMyeD63pYbtWXPqQmc1IIpCUgTQQwpC+G93Uf
    wu2FJ4Vqb2tiqRkI4Ju3WJd1qKyTz+83pkuKHwe845n7D8kRFxEYpmE50lT7eAab
    A3H5xDIIYLk=
    =2gLp
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
