Red Hat OpenShift Serverless 1.27.0 Security Advisory RHSA-2023:0709-01
red hat
February 9, 2023
Release of OpenShift Serverless 1.27.0 The References section contains CVE links providing detailed severity ratings for each vulnerability
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Summary
Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.
This release includes security and bug fixes, and enhancements.
* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)
* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)
* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)
* golang: archive/tar: unbounded memory consumption when reading headers(CVE-2022-2879)
For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-42010 Read the Full Advisory
Package List
PREVIOUS
NEXT
Advisory ID: RHSA-2023:0709-01
Product: RHOSS
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0709
Issue date: 2023-02-09
Topic
Release of OpenShift Serverless 1.27.0The References section contains CVE links providing detailed severityratingsfor each vulnerability. Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score.
Topics Covered
Relevant Releases Architectures
Bugs Fixed
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2154755 - Release of OpenShift Serverless Eventing 1.27.0
2154757 - Release of OpenShift Serverless Serving 1.27.0
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!