Red Hat Security Advisory 2022-1747-01 - OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability.
9f53c43845e6989b1ee838b81e5c8b82022554a46d50f3d5c6ed2d4ad233ec23
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: Release of OpenShift Serverless Version 1.22.0
Advisory ID: RHSA-2022:1747-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1747
Issue date: 2022-05-09
CVE Names: CVE-2018-25032 CVE-2021-3999 CVE-2021-23177
CVE-2021-31566 CVE-2021-41771 CVE-2021-41772
CVE-2021-45960 CVE-2021-46143 CVE-2022-0778
CVE-2022-21426 CVE-2022-21434 CVE-2022-21443
CVE-2022-21449 CVE-2022-21476 CVE-2022-21496
CVE-2022-22822 CVE-2022-22823 CVE-2022-22824
CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
CVE-2022-23218 CVE-2022-23219 CVE-2022-23308
CVE-2022-23852 CVE-2022-25235 CVE-2022-25236
CVE-2022-25315
====================================================================
1. Summary:
OpenShift Serverless version 1.22.0 contains a moderate security impact.
The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.
2. Description:
Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This
release includes security and bug fixes and enhancements.
For more information, see the documentation linked in the Solution section.
Security Fixes in this release include:
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: debug/macho: invalid dynamic symbol table command can cause panic
(CVE-2021-41771)
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
pages
linked in the References section.
3. Solution:
For details about the Security fixes, see these Red Hat OpenShift Container
Platform documentation:
* Red Hat OpenShift Container Platform 4.6:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
* Red Hat OpenShift Container Platform 4.7:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
* Red Hat OpenShift Container Platform 4.8:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
* Red Hat OpenShift Container Platform 4.9:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
* Red Hat OpenShift Container Platform 4.10:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
4. Bugs fixed (https://bugzilla.redhat.com/):
2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic
2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string
5. References:
https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-41771
https://access.redhat.com/security/cve/CVE-2021-41772
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-21426
https://access.redhat.com/security/cve/CVE-2022-21434
https://access.redhat.com/security/cve/CVE-2022-21443
https://access.redhat.com/security/cve/CVE-2022-21449
https://access.redhat.com/security/cve/CVE-2022-21476
https://access.redhat.com/security/cve/CVE-2022-21496
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
For
details
about
the
security
issues
see
these
CVE
pages:
*
https://access.redhat.com/security/updates/classification/#low
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
*
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYnnnQ9zjgjWX9erEAQic0Q//cW5IAvm8QzwixbMplWldv7uksp2XHcs7
KbpNwCCik3nmiNlfJHHQcyROFaBxksCM8DO4x50yRhFoi6BRYXdOwr8Q9Z19/EVb
MeTjG7FHpn3PqyO98/1UH71TB1OIZq7i6Xw7GTWtm0W/zNmwQKFdjTmUvEtRGY9T
R0Eg+oYQXo2AuW3sADH13lR3NP+DfgQCDqYaLldodSRVo2V24woQrj4ZZ5b4suTT
gDe1XiELiayGRNO9/gMQyRUUcyj4BrWL4DQAXcfr2/txmxDr/PvWVL3IPpOJz9Rv
CBPlGVuTb7GIwY/QUARiqQesKGb2DlR+iua8MGGyEhWmCtAdh9WPHYypZJKLMQzJ
0XoVRP9VOiNaU7foHY2r3fLk6niSpo7GNm6NdK7y1DklP3kXBd8xsLcNlm9DFwHl
uPsrFkBeYVEDTWPSrp/P7tpwSh1ADct+zPiEttKM02tnOSNfHgKOf1oLdUmgsyXT
h6YzSYsu94E1vqcsE0NYcT30Ly5tw+/PydDFHur4bQzBzxMIz8rZusaLwhBgD2nH
RhWTMvW9xt1aMRgyBlVRBXLU+9WhhE//GyKxeryRUqkT5+i+JLI4pqp/8JkaSAxu
yyBHDl/49lbzEdOrRS0qGmYwReFlzWlbDQlpxBzVx2/weac7zC8COiOBiiFbQ+iT
wpa+OWoDOzwÏBR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce