RedHat: RHSA-2022-1051-01 Moderate: OpenShift Serverless 1.21.0
red hat
March 24, 2022
Release of OpenShift Serverless 1.21.0 Red Hat Product Security has rated this update as having a security impact of Moderate
Solution
See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
Summary
This version of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10,
includes
security and bug fixes and enhancements. For more information, see the
documentation listed in the References section.
Security Fix(es):
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache
(CVE-2021-44716)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-21248 https://access.redhat.com/security/cve/CVE-2022-21277 https://access.redhat.com/security/cve/CVE-2022-21282 https://access.redhat.com/security/cve/CVE-2022-21283 https://access.redhat.com/security/cve/CVE-2022-21291 https://access.redhat.com/security/cve/CVE-2022-21293 https://access.redhat.com/security/cve/CVE-2022-21294 https://access.redhat.com/security/cve/CVE-2022-21296 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21305 https://access.redhat.com/security/cve/CVE-2022-21340 https://access.redhat.com/security/cve/CVE-2022-21341 https://access.redhat.com/security/cve/CVE-2022-21360 https://access.redhat.com/security/cve/CVE-2022-21365 https://access.redhat.com/security/cve/CVE-2022-21366 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 Read the Full Advisory
Package List
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2022:1051-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1051
Issue date: 2022-03-24
Topic
Release of OpenShift Serverless 1.21.0Red Hat Product Security has rated this update as having a security impactofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Topics Covered
Relevant Releases Architectures
Bugs Fixed
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2054720 - Release of OpenShift Serverless Eventing 1.21.0
2054721 - Release of OpenShift Serverless Serving 1.21.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!