Red Hat: RHSA-2021:2705-01 Moderate: OpenShift Serverless 1.16.0 Release
red hat
July 13, 2021
Release of OpenShift Serverless 1.16.0 Red Hat Product Security has rated this update as having a security impact of Moderate
Solution
See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.21
4.6/html/serverless_applications/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.21
4.7/html/serverless/index
Summary
Red Hat OpenShift Serverless 1.16.0 release of the OpenShift Serverless
Operator. This version of the OpenShift Serverless Operator is supported on
Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes
security and bug fixes and enhancements. For more information, see the
documentation listed in the References section.
Security Fix(es):
* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a
custom TokenReader (CVE-2021-27918)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header (CVE-2021-31525)
* golang: archive/zip: malformed archive may cause panic or memory
exhaustion (CVE-2021-33196)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
References
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/cve/CVE-2021-27918 Read the Full Advisory
Package List
PREVIOUS
NEXT
Advisory ID: RHSA-2021:2705-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2705
Issue date: 2021-07-13
Topic
Release of OpenShift Serverless 1.16.0Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Bugs Fixed
1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader
1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion
1971445 - Release of OpenShift Serverless Serving 1.16.0
1971448 - Release of OpenShift Serverless Eventing 1.16.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!