-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Release of OpenShift Serverless Version 1.22.0
Advisory ID:       RHSA-2022:1747-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1747
Issue date:        2022-05-09
CVE Names:         CVE-2018-25032 CVE-2021-3999 CVE-2021-23177 
                   CVE-2021-31566 CVE-2021-41771 CVE-2021-41772 
                   CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 
                   CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 
                   CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 
                   CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 
                   CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 
                   CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 
                   CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 
                   CVE-2022-25315 
====================================================================
1. Summary:

OpenShift Serverless version 1.22.0 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This
release includes security and bug fixes and enhancements.

For more information, see the documentation linked in the Solution section.

Security Fixes in this release include:
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: debug/macho: invalid dynamic symbol table command can cause panic
(CVE-2021-41771)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages linked in the References section.
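Both fixed issues are parser panics in the Go standard library triggered by untrusted input (an empty member name passed to archive/zip's Reader.Open, a malformed dynamic symbol table command in debug/macho). Until a service is rebuilt on a patched Go, the practical mitigation is to keep such a panic from taking the whole process down. The following is an added example written for this advisory, not code from Red Hat, OpenShift Serverless or the Go project: a hypothetical safeOpen wrapper that rejects the empty-name case up front and converts any panic inside the archive/zip parser into an ordinary error; the same recover-based pattern applies to debug/macho.NewFile on untrusted binaries. The sample archive is constructed in memory.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
	"io/fs"
)

// ErrEmptyName is returned for the empty member name that unpatched Go
// (CVE-2021-41772) let reach the parser and panic.
var ErrEmptyName = errors.New("zip: empty member name rejected")

// safeOpen wraps (*zip.Reader).Open so a hostile or malformed member name
// cannot crash the calling service: the empty-string case is rejected before
// the parser sees it, and any panic raised by the parser becomes an error.
// Hypothetical helper written for this example; not part of Go or OpenShift.
func safeOpen(r *zip.Reader, name string) (f fs.File, err error) {
	if name == "" {
		return nil, ErrEmptyName
	}
	defer func() {
		if p := recover(); p != nil {
			f, err = nil, fmt.Errorf("zip: parser panicked opening %q: %v", name, p)
		}
	}()
	return r.Open(name)
}

// readMember opens one member through safeOpen and returns its contents.
func readMember(r *zip.Reader, name string) ([]byte, error) {
	f, err := safeOpen(r, name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}

// buildSampleZip constructs a tiny archive in memory (constructed sample data,
// not taken from any real workload).
func buildSampleZip() (*zip.Reader, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	m, err := w.Create("hello.txt")
	if err != nil {
		return nil, err
	}
	if _, err := m.Write([]byte("hello from a constructed sample\n")); err != nil {
		return nil, err
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
}

func main() {
	r, err := buildSampleZip()
	if err != nil {
		panic(err)
	}
	// A valid name, the empty name, and a missing name: all three return
	// normally instead of crashing the process.
	for _, name := range []string{"hello.txt", "", "missing.txt"} {
		data, err := readMember(r, name)
		if err != nil {
			fmt.Printf("%q -> error: %v\n", name, err)
			continue
		}
		fmt.Printf("%q -> %d bytes\n", name, len(data))
	}
}
```

The recover in safeOpen is a containment measure, not a fix: it keeps one bad request from becoming a denial of service for every other client of the process, while the real remediation remains rebuilding on a Go release that carries the archive/zip and debug/macho fixes.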

3. Solution:

For details about the security fixes, see the Red Hat OpenShift Container
Platform documentation for your release:
* Red Hat OpenShift Container Platform 4.6:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
* Red Hat OpenShift Container Platform 4.7:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
* Red Hat OpenShift Container Platform 4.8:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
* Red Hat OpenShift Container Platform 4.9:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
* Red Hat OpenShift Container Platform 4.10:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic
2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-41771
https://access.redhat.com/security/cve/CVE-2021-41772
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-21426
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21449
https://access.redhat.com/security/cve/CVE-2022-21476
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
For details about the security issues, see these pages:
* https://access.redhat.com/security/updates/classification/#low
* https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
* https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
* https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
* https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
* https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
