RedHat: RHSA-2022-8938:01 Low: Release of OpenShift Serverless 1.26.0
Summary
Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11.
This release includes security and bug fixes, and enhancements.
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.
Summary
Solution
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
References
https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-21618 https://access.redhat.com/security/cve/CVE-2022-21619 https://access.redhat.com/security/cve/CVE-2022-21624 https://access.redhat.com/security/cve/CVE-2022-21626 https://access.redhat.com/security/cve/CVE-2022-21628 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-39399 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
Package List
Topic
Release of OpenShift Serverless 1.26.0The References section contains CVE links providing detailed severityratingsfor each vulnerability. Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score.
Topic
Relevant Releases Architectures
Bugs Fixed
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2142799 - Release of OpenShift Serverless Serving 1.26.0
2142801 - Release of OpenShift Serverless Eventing 1.26.0