Linux Security
Linux Security
Linux Security

RedHat: RHSA-2021-1339:01 Moderate: Release of OpenShift Serverless Client

Date 22 Apr 2021
126
Posted By LinuxSecurity Advisories
Release of OpenShift Serverless Client kn 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless Client kn 1.14.0 and security update
Advisory ID:       RHSA-2021:1339-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1339
Issue date:        2021-04-22
CVE Names:         CVE-2021-3114 CVE-2021-3115 
=====================================================================

1. Summary:

Release of OpenShift Serverless Client kn 1.14.0

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Serverless Client kn 1.14.0 provides a CLI to interact
with Red Hat OpenShift Serverless 1.14.0. The kn CLI is delivered as an RPM
package for installation on RHEL platforms, and as binaries for non-Linux
platforms.

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

* golang: cmd/go: packages using cgo can cause arbitrary code execution at
build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index

See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.7/html/serverless/index

5. Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time
1941695 - Release of OpenShift Serverless Client 1.14.0

6. Package List:

Openshift Serverless 1 on RHEL 8Base:

Source:
openshift-serverless-clients-0.20.0-6.el8.src.rpm

ppc64le:
openshift-serverless-clients-0.20.0-6.el8.ppc64le.rpm

s390x:
openshift-serverless-clients-0.20.0-6.el8.s390x.rpm

x86_64:
openshift-serverless-clients-0.20.0-6.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3115
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIG+JtzjgjWX9erEAQg53g/+Plj203uZhkyfzfqWCpSOa7b6N29nlZ6e
URYk+GSmKc9d4TB9L2ZG6sTvwtLo0WFP09dEbn7XOvN61Rj9zUgHALC8pWENppsZ
ok085H8VaH1ND835bGcDAbHvo9t97h2T6j9tjaNHFmVuC2ZqnQwnjp1qiE2+Gb+6
TdHo4dA40rOyF0JUmmuIUTs06cfYIySrVsgGYOCSmDlkAxivZrjUi0Q3gzTHt4MP
Q24m0RqZM+GyyCJUuAZUAfoiiPTVxM7vqa4ssXr0PTJTbPyNkl8oHl7+l6sguZdf
cY4ILptHyNLsWvvZIZnUu9uHuQ9ABaGKJEYfesvu6CLXp4U+M1R9Waf+XMqoyk72
YAuptXu0wqMMR//v3x/3efcEyMvFKT9pAPqDONKYbpofI0YQL/5/kOm/h+gSFGpB
PDqgKEOrMTxhGIf5I7Y9PRkq2ijADuIGxp23tE+tV4ksBpv4zAhMleV/MZFpvuxK
8AUq0e8F4WIcCFIYoksAfDJdIA04qBMN8IMlQUChg10K6mpYPRG68P7ACgvkp7ty
zB83XE8QzSYPniYU11advsDukoL1pg/1JofN38d4MQHyEPMJgqXRyUbWit90HDF4
mOyyUbC8WnG0qwPc3QrWUhZPIbjqvozK3UEF1ppknT6Le5xdlSBzU1GSdKm8DFIv
t7nxjEbNyrc=
=LjPU
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Advisories

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"66","type":"x","order":"1","pct":75.86,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"14","type":"x","order":"2","pct":16.09,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.05,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.