what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-1747-01

Red Hat Security Advisory 2022-1747-01
Posted May 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-23177, CVE-2021-31566, CVE-2021-3999, CVE-2021-41771, CVE-2021-41772, CVE-2021-45960, CVE-2021-46143, CVE-2022-0778, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2022-23852, CVE-2022-25235
SHA-256 | 9f53c43845e6989b1ee838b81e5c8b82022554a46d50f3d5c6ed2d4ad233ec23

Red Hat Security Advisory 2022-1747-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Release of OpenShift Serverless Version 1.22.0
Advisory ID: RHSA-2022:1747-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1747
Issue date: 2022-05-09
CVE Names: CVE-2018-25032 CVE-2021-3999 CVE-2021-23177
CVE-2021-31566 CVE-2021-41771 CVE-2021-41772
CVE-2021-45960 CVE-2021-46143 CVE-2022-0778
CVE-2022-21426 CVE-2022-21434 CVE-2022-21443
CVE-2022-21449 CVE-2022-21476 CVE-2022-21496
CVE-2022-22822 CVE-2022-22823 CVE-2022-22824
CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
CVE-2022-23218 CVE-2022-23219 CVE-2022-23308
CVE-2022-23852 CVE-2022-25235 CVE-2022-25236
CVE-2022-25315
====================================================================
1. Summary:

OpenShift Serverless version 1.22.0 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This
release includes security and bug fixes and enhancements.

For more information, see the documentation linked in the Solution section.

Security Fixes in this release include:
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: debug/macho: invalid dynamic symbol table command can cause panic
(CVE-2021-41771)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
pages
linked in the References section.

3. Solution:

For details about the Security fixes, see these Red Hat OpenShift Container
Platform documentation:
* Red Hat OpenShift Container Platform 4.6:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
* Red Hat OpenShift Container Platform 4.7:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
* Red Hat OpenShift Container Platform 4.8:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
* Red Hat OpenShift Container Platform 4.9:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
* Red Hat OpenShift Container Platform 4.10:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic
2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-41771
https://access.redhat.com/security/cve/CVE-2021-41772
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-21426
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21449
https://access.redhat.com/security/cve/CVE-2022-21476
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
For
details
about
the
security
issues
see
these
CVE
pages:
*
https://access.redhat.com/security/updates/classification/#low
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYnnnQ9zjgjWX9erEAQic0Q//cW5IAvm8QzwixbMplWldv7uksp2XHcs7
KbpNwCCik3nmiNlfJHHQcyROFaBxksCM8DO4x50yRhFoi6BRYXdOwr8Q9Z19/EVb
MeTjG7FHpn3PqyO98/1UH71TB1OIZq7i6Xw7GTWtm0W/zNmwQKFdjTmUvEtRGY9T
R0Eg+oYQXo2AuW3sADH13lR3NP+DfgQCDqYaLldodSRVo2V24woQrj4ZZ5b4suTT
gDe1XiELiayGRNO9/gMQyRUUcyj4BrWL4DQAXcfr2/txmxDr/PvWVL3IPpOJz9Rv
CBPlGVuTb7GIwY/QUARiqQesKGb2DlR+iua8MGGyEhWmCtAdh9WPHYypZJKLMQzJ
0XoVRP9VOiNaU7foHY2r3fLk6niSpo7GNm6NdK7y1DklP3kXBd8xsLcNlm9DFwHl
uPsrFkBeYVEDTWPSrp/P7tpwSh1ADct+zPiEttKM02tnOSNfHgKOf1oLdUmgsyXT
h6YzSYsu94E1vqcsE0NYcT30Ly5tw+/PydDFHur4bQzBzxMIz8rZusaLwhBgD2nH
RhWTMvW9xt1aMRgyBlVRBXLU+9WhhE//GyKxeryRUqkT5+i+JLI4pqp/8JkaSAxu
yyBHDl/49lbzEdOrRS0qGmYwReFlzWlbDQlpxBzVx2/weac7zC8COiOBiiFbQ+iT
wpa+OWoDOzwÏBR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close