RedHat: RHSA-2022-1747:01 Low: Release of OpenShift Serverless Ver...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Release of OpenShift Serverless  Version 1.22.0
Advisory ID:       RHSA-2022:1747-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1747
Issue date:        2022-05-09
CVE Names:         CVE-2018-25032 CVE-2021-3999 CVE-2021-23177 
                   CVE-2021-31566 CVE-2021-41771 CVE-2021-41772 
                   CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 
                   CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 
                   CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 
                   CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 
                   CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
                   CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 
                   CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 
                   CVE-2022-25315 
=====================================================================

1. Summary:

OpenShift Serverless version 1.22.0 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This
release includes security and bug fixes and enhancements.

For more information, see the documentation linked in the Solution section.

Security Fixes in this release include:
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: debug/macho: invalid dynamic symbol table command can cause panic
(CVE-2021-41771)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
pages
linked in the References section.

3. Solution:

For details about the Security fixes, see these Red Hat OpenShift Container
Platform documentation:
* Red Hat OpenShift Container Platform 4.6:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
* Red Hat OpenShift Container Platform 4.7:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
* Red Hat OpenShift Container Platform 4.8:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
* Red Hat OpenShift Container Platform 4.9:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
* Red Hat OpenShift Container Platform 4.10:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic
2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-41771
https://access.redhat.com/security/cve/CVE-2021-41772
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-21426
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21449
https://access.redhat.com/security/cve/CVE-2022-21476
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
For
details
about
the
security
issues
see
these
CVE
pages:
*
https://access.redhat.com/security/updates/classification/#low
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYnnnQ9zjgjWX9erEAQic0Q//cW5IAvm8QzwixbMplWldv7uksp2XHcs7
KbpNwCCik3nmiNlfJHHQcyROFaBxksCM8DO4x50yRhFoi6BRYXdOwr8Q9Z19/EVb
MeTjG7FHpn3PqyO98/1UH71TB1OIZq7i6Xw7GTWtm0W/zNmwQKFdjTmUvEtRGY9T
R0Eg+oYQXo2AuW3sADH13lR3NP+DfgQCDqYaLldodSRVo2V24woQrj4ZZ5b4suTT
gDe1XiELiayGRNO9/gMQyRUUcyj4BrWL4DQAXcfr2/txmxDr/PvWVL3IPpOJz9Rv
CBPlGVuTb7GIwY/QUARiqQesKGb2DlR+iua8MGGyEhWmCtAdh9WPHYypZJKLMQzJ
0XoVRP9VOiNaU7foHY2r3fLk6niSpo7GNm6NdK7y1DklP3kXBd8xsLcNlm9DFwHl
uPsrFkBeYVEDTWPSrp/P7tpwSh1ADct+zPiEttKM02tnOSNfHgKOf1oLdUmgsyXT
h6YzSYsu94E1vqcsE0NYcT30Ly5tw+/PydDFHur4bQzBzxMIz8rZusaLwhBgD2nH
RhWTMvW9xt1aMRgyBlVRBXLU+9WhhE//GyKxeryRUqkT5+i+JLI4pqp/8JkaSAxu
yyBHDl/49lbzEdOrRS0qGmYwReFlzWlbDQlpxBzVx2/weac7zC8COiOBiiFbQ+iT
wpa+OWoDOzw=
=CfBR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-1747:01 Low: Release of OpenShift Serverless Version

OpenShift Serverless version 1.22.0 contains a moderate security impact

Summary

Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This release includes security and bug fixes and enhancements.
For more information, see the documentation linked in the Solution section.
Security Fixes in this release include: * golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772) * golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section.

Solution

For details about the Security fixes, see these Red Hat OpenShift ContainerPlatform documentation:* Red Hat OpenShift Container Platform 4.6:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index* Red Hat OpenShift Container Platform 4.7:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index* Red Hat OpenShift Container Platform 4.8:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index* Red Hat OpenShift Container Platform 4.9:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index* Red Hat OpenShift Container Platform 4.10:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

References

https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Package List

Severity
Advisory ID: RHSA-2022:1747-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1747
Issued Date: : 2022-05-09
CVE Names: CVE-2018-25032 CVE-2021-3999 CVE-2021-23177 CVE-2021-31566 CVE-2021-41771 CVE-2021-41772 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315

Topic

OpenShift Serverless version 1.22.0 contains a moderate security impact.The References section contains CVE links providing detailed severityratings for each vulnerability. Ratings are based on a Common VulnerabilityScoring System (CVSS) base score.

Relevant Releases Architectures

Bugs Fixed

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic

2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.