RedHat: RHSA-2022-8938:01 Low: Release of OpenShift Serverless 1.26...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Release of OpenShift Serverless 1.26.0
Advisory ID:       RHSA-2022:8938-01
Product:           RHOSS
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8938
Issue date:        2022-12-13
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 
                   CVE-2021-43565 CVE-2022-1304 CVE-2022-2509 
                   CVE-2022-3515 CVE-2022-21618 CVE-2022-21619 
                   CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 
                   CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 
                   CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 
                   CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 
                   CVE-2022-26719 CVE-2022-27191 CVE-2022-27404 
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 
                   CVE-2022-37434 CVE-2022-39399 
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.26.0
The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. 

This release includes security and bug fixes, and enhancements.
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2142799 - Release of OpenShift Serverless Serving 1.26.0
2142801 - Release of OpenShift Serverless Eventing 1.26.0

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY5gAzdzjgjWX9erEAQhhRw//fdQymw2E94sKQ0oIESo8CDdpa5jcoO1T
EkGfFF5P72pt5seIEgfkbvz5RZkJeH0jdBLEjnqCsZcmpY9kbfbORgJ9JqniQ7fC
kBo4KuUtv0fmF98YTtqn/xIJmvRV8fbclImaBvg9Eetqe8dmhF1I4F0r7boepWPi
89tuFUXTI1N8/lMcsksH/H+RWLy+jvczooBq1AvjhntFseVBPyGYKpkpnTNruj5y
fOGTE/GFqP9xb7RJ15kOobyaK6ru6FFN2Zh/H8gr3Olttw+OBUsvxQBZ8rdJ3wu0
SVNqqiA9H7u0wlGHK0pbXvVSodlS8ZAGO4WoeJUH2NPk5vrF4D7nSu1Tm4hbFEAa
I78hF+aFFwVWYEFQxlf5rb57rtI25iIv7INal/usVmY2NlpqsNflnVBQ8jrNiOSk
Zkpy9iCpRbJTwWwuVLxxbJyCJtP/jpzvJjPkPk/o5jJ393BtU1LJL3OwcpL40uhg
r8VkRgOcp9Xjn9KNjggO5gy8RcN6DyRnAfUrpx9x6M/fHQVGlpHNyhhVHMRWsROq
o07+rtO6gdyTZEpLrtRABW8akiuZIb0/nCKPFo3BXmcbdhDGvYgiROUSnM/OLyUM
ga9ShP+GRB7dDSfqGz/sfe8xs4GHGH56g4LVWgWfU82bSlI1dnrtUo7heEsJ1yTP
y5P3+aYsKc0=
=Aao3
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-8938:01 Low: Release of OpenShift Serverless 1.26.0

Release of OpenShift Serverless 1.26.0 The References section contains CVE links providing detailed severity ratings for each vulnerability

Summary

Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11.
This release includes security and bug fixes, and enhancements. * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section.

Solution

See the Red Hat OpenShift Container Platform 4.8 documentation at:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/indexSee the Red Hat OpenShift Container Platform 4.9 documentation at:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/indexSee the Red Hat OpenShift Container Platform 4.10 documentation at:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/indexSee the Red Hat OpenShift Container Platform 4.11 documentation at:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

References

https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-21618 https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-39399 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

Package List

Severity
Advisory ID: RHSA-2022:8938-01
Product: RHOSS
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8938
Issued Date: : 2022-12-13
CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2021-43565 CVE-2022-1304 CVE-2022-2509 CVE-2022-3515 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27191 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-30293 CVE-2022-37434 CVE-2022-39399

Topic

Release of OpenShift Serverless 1.26.0The References section contains CVE links providing detailed severityratingsfor each vulnerability. Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score.

Relevant Releases Architectures

Bugs Fixed

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic

2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server

2142799 - Release of OpenShift Serverless Serving 1.26.0

2142801 - Release of OpenShift Serverless Eventing 1.26.0

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.