Red Hat OpenShift 1.22.0 Advisory RHSA-2022-1747-01 Low: Security Fixes

Red Hat
May 10, 2022
Uncover insights regarding OpenShift Serverless release 1.22.0's moderate security vulnerability and the remedies offered in this notice.
OpenShift Serverless version 1.22.0 contains a moderate security impact.

Solution

For details about the security fixes, see the following Red Hat OpenShift Container Platform documentation:

* Red Hat OpenShift Container Platform 4.6: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
* Red Hat OpenShift Container Platform 4.7: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
* Red Hat OpenShift Container Platform 4.8: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
* Red Hat OpenShift Container Platform 4.9: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33
* Red Hat OpenShift Container Platform 4.10: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33

Summary

Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This release includes security and bug fixes and enhancements.
For more information, see the documentation linked in the Solution section.
Security fixes in this release include:

* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages linked in the References section.

References

* https://access.redhat.com/security/cve/CVE-2018-25032
* https://access.redhat.com/security/cve/CVE-2021-3999
* https://access.redhat.com/security/cve/CVE-2021-23177
* https://access.redhat.com/security/cve/CVE-2021-31566
* https://access.redhat.com/security/cve/CVE-2021-41771
* https://access.redhat.com/security/cve/CVE-2021-41772
* https://access.redhat.com/security/cve/CVE-2021-45960
* https://access.redhat.com/security/cve/CVE-2021-46143
* https://access.redhat.com/security/cve/CVE-2022-0778
* https://access.redhat.com/security/cve/CVE-2022-21426
* https://access.redhat.com/security/cve/CVE-2022-21434
* https://access.redhat.com/security/cve/CVE-2022-21443
* https://access.redhat.com/security/cve/CVE-2022-21449
* https://access.redhat.com/security/cve/CVE-2022-21476
* https://access.redhat.com/security/cve/CVE-2022-21496
* https://access.redhat.com/security/cve/CVE-2022-22822
* https://access.redhat.com/security/cve/CVE-2022-22823
* https://access.redhat.com/security/cve/CVE-2022-22824
* https://access.redhat.com/security/cve/CVE-2022-22825
* https://access.redhat.com/security/cve/CVE-2022-22826
* https://access.redhat.com/security/cve/CVE-2022-22827
* https://access.redhat.com/security/cve/CVE-2022-23218
* https://access.redhat.com/security/cve/CVE-2022-23219

Package List


Severity
low

Advisory ID: RHSA-2022:1747-01
Product: Red Hat OpenShift Serverless
Issue date: 2022-05-09

Topic

OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.

Relevant Releases Architectures

Bugs Fixed

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic

2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string
