-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless 1.27.1
Advisory ID:       RHSA-2023:1181-01
Product:           RHOSS
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1181
Issue date:        2023-03-09
CVE Names:         CVE-2021-46848 CVE-2022-4415 CVE-2022-35737 
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41717 
                   CVE-2022-47629 CVE-2022-48303 
====================================================================
1. Summary:

OpenShift Serverless version 1.27.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

- - golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests(CVE-2022-41717)

For more details about the security issues, including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
See the Red Hat OpenShift Container Platform 4.12 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZApNndzjgjWX9erEAQgx3A//XC7IvjWnzDjQt53reCH5H/v1zyHJf6Rs
KN4XuZW4p8lc6ZpKN8X78qHDkTKxemf+6odV2GiglJUSelCGys4+3C/F25glcrHj
+LlIdW7GTFverx0cRcEMND/w0pAKJyrSI0WlehwIb8D41oeaJpSOHaRt8TxcWb5g
p+pPk3k5lYvOjLrHNq14MIOeFg5Bl5Mif4zojDEbF6Rtu/F0PJGYgtlwqM3+dqi+
qrbk24718H0HcnUEJlN1Bt2eur6w6kbziJkKnttMbZOUACb4Vvl2uRKr2Gw3jmgn
vtlfGWyip2um22ivWgefk/vLs4v7gB4bZvBHXfCruTPASnhnB/gq/qKDFx6vfUmr
h8r8Gq5Du7o73jZAGRqqoKSrGF7trTOub5wRg/HsdKXES7+lX/oV9ZMG3FNFvawB
jiRm+8z8wfZpRLqlREyghCGlW9ndnp5UwlczeBeHx08UgH2lRMEZ5Ysmeh9Gcq9U
rBNNMgmUaDEaPAmA9R4vYeZ79HteNyPTxQEmsI6m7RC68hg/1Ufolc7FuhYJnvBy
tfHwn3SBOAyph/W+H6Y43eOCJj0bAm/TY3EskqcW0jfUcilAoz3Rjckkei5l6odF
a72Qu0O6R+N8a+TDqN1w3b9vac3PLGPEEi0T72xhjKgQn3JjqkN+/btqiTlVVApW
5uF0KKJGYLM=Ytdh
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-1181:01 Moderate: Release of OpenShift Serverless 1.27.1

OpenShift Serverless version 1.27.1 contains a moderate security impact

Summary

Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.
This release includes security and bug fixes, and enhancements.
Security Fixes in this release include:
- - golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests(CVE-2022-41717)
For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section.



Summary


Solution

See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index See the Red Hat OpenShift Container Platform 4.12 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

References

https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

Package List


Severity
Advisory ID: RHSA-2023:1181-01
Product: RHOSS
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1181
Issued Date: : 2023-03-09
CVE Names: CVE-2021-46848 CVE-2022-4415 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-41717 CVE-2022-47629 CVE-2022-48303

Topic

OpenShift Serverless version 1.27.1 contains a moderate security impact.The References section contains CVE links providing detailed severityratingsfor each vulnerability. Ratings are based on a Common Vulnerability ScoringSystem (CVSS) base score.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved