Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

OpenShift Serverless 1.29.0 RHSA-2023:3450-01 Moderate Security Fixes

red hat
Calendar Grey June 5, 2023
Dist Redhat Esm H88
The OpenShift Serverless Client kn version 1.29.0 has been launched, incorporating essential security patches and significant enhancements for its users.
OpenShift Serverless 1.29.0 has been released

Solution

For instructions on how to install and use OpenShift Serverless, see documentation linked from the References section.

Summary

Red Hat OpenShift Serverless Client kn 1.29.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
This release includes security and bug fixes, and enhancements.
Security Fixes in this release include:
- - containerd: Supplementary groups are not set up properly(CVE-2023-25173) - - golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding(CVE-2022-41723) - - golang: net/http, mime/multipart: denial of service from excessive resource consumption(CVE-2022-41725) - - golang: crypto/tls: large handshake records may cause panics(CVE-2022-41724) - - golang: html/template: backticks not treated as string delimiters(CVE-2023-24538) - - golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption(CVE-2023-24536) - - golang: net/http, net/textproto: denial of service from excessive memory allocation(CVE-2023-24534) - - golang: go/parser: Infinite loop in parsing(CVE-2023-24537)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat security fix release notes OpenShift Serverless CVE links

References

https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2023-24534 https://access.redhat.com/security/cve/CVE-2023-24536 https://access.redhat.com/security/cve/CVE-2023-24537 https://access.redhat.com/security/cve/CVE-2023-24538 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33 https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.33

Package List

Openshift Serverless 1 on RHEL 8Base:
Source: openshift-serverless-clients-1.8.1-3.el8.src.rpm
ppc64le: openshift-serverless-clients-1.8.1-3.el8.ppc64le.rpm
s390x: openshift-serverless-clients-1.8.1-3.el8.s390x.rpm
x86_64: openshift-serverless-clients-1.8.1-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2023:3450-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3450
Issue date: 2023-06-05

Topic

OpenShift Serverless 1.29.0 has been released. The References sectioncontains CVE links providing detailed severity ratings for eachvulnerability. Ratings are based on a Common Vulnerability Scoring System(CVSS) base score.

Topics%20covered

Topics Covered

security advisory moderate Red Hat security fix release notes OpenShift Serverless CVE links

Relevant Releases Architectures

Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64

Bugs Fixed

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption

2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption

2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation

2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing

2185511 - Release of Openshift Serverless Client 1.29.0

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here