what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-3455-01

Red Hat Security Advisory 2023-3455-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3455-01 - OpenShift Serverless version 1.29.0 contains a moderate security impact. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939
SHA-256 | fb699e506aa118c17dbd87137af0d14f01a829ce5c8b64ec9846e9ca82990b0b

Red Hat Security Advisory 2023-3455-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of OpenShift Serverless 1.29.0
Advisory ID: RHSA-2023:3455-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3455
Issue date: 2023-06-05
CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-36227
CVE-2022-41723 CVE-2022-41724 CVE-2022-41725
CVE-2023-0215 CVE-2023-0286 CVE-2023-0361
CVE-2023-0767 CVE-2023-21930 CVE-2023-21937
CVE-2023-21938 CVE-2023-21939 CVE-2023-21954
CVE-2023-21967 CVE-2023-21968 CVE-2023-24534
CVE-2023-24536 CVE-2023-24537 CVE-2023-24538
CVE-2023-25173 CVE-2023-27535
=====================================================================

1. Summary:

OpenShift Serverless version 1.29.0 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.29.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

- - containerd: Supplementary groups are not set up properly(CVE-2023-25173)
- - golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding(CVE-2022-41723)
- - golang: net/http, mime/multipart: denial of service from excessive
resource consumption(CVE-2022-41725)
- - golang: crypto/tls: large handshake records may cause
panics(CVE-2022-41724)
- - golang: html/template: backticks not treated as string
delimiters(CVE-2023-24538)
- - golang: net/http, net/textproto, mime/multipart: denial of service from
excessive resource consumption(CVE-2023-24536)
- - golang: net/http, net/textproto: denial of service from excessive memory
allocation(CVE-2023-24534)
- - golang: go/parser: Infinite loop in parsing(CVE-2023-24537)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, see the CVE pages
linked from the References section.

3. Solution:

For instructions on how to install and use OpenShift Serverless, see
documentation linked from the References section.

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2185507 - Release of OpenShift Serverless Serving 1.29.0
2185509 - Release of OpenShift Serverless Eventing 1.29.0

5. References:

https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0767
https://access.redhat.com/security/cve/CVE-2023-21930
https://access.redhat.com/security/cve/CVE-2023-21937
https://access.redhat.com/security/cve/CVE-2023-21938
https://access.redhat.com/security/cve/CVE-2023-21939
https://access.redhat.com/security/cve/CVE-2023-21954
https://access.redhat.com/security/cve/CVE-2023-21967
https://access.redhat.com/security/cve/CVE-2023-21968
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-25173
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZH521tzjgjWX9erEAQicLg/+JJY0iROByNwBz9upWD+qDC+ffNd+85c+
VIj8Gpp3Zy6lgGokmtp6YzlZgJvJ/HROOYp2Hy+8eTCwkBQsV/7zdEmT1DfYMFYL
yH8k3Gmf+fxaoL4LuY457Pdn2w2Szhj5sUWnUCw/8UTQfO3msNya0zK0Z3+KJ9Nz
fIdRMQb0wI2JN1y+kISdSTqfOJKuWuhCQ5H5yhnxV74H9d8jC59jOCpz84fZ3VE2
atrDnYRZV/URzkCDMTcLFbqewgC+O4dX953F91RyycAaVEP2+wHCLMF6QfsnU0se
6zFFvuUbsgWgxlFyrovylnmm6CGGQ/Tkp9olpnLZp0eXK67tt4KTbL/N8iPt7qYt
9S5VlN1IS6jA8DpyF1AxQNng6yJmjGCGhOp2n2F25cz6IYbz5hmFLluDkdCkeyzu
xSGQ9bT+K2ih6W4UwAMy3eI0YtZ8qC4e8GIP9EBgLsNowblR76IjkpKI8lrt+XSW
tI+cz6XT0HaMkEJhzOnlm4uxJAQqpde/hwlQ4GdlMR4F13yX44UMEglwaJSkIrMZ
dg7tfZ1t1K4+JOjXET4F22/RZnu+Bc6QDkA4BboRyB68/WLhmUfUy+Z7wsIgKif+
yFCqUE+2sRu6Xn3Y6bfAZem41gLXBhKV5tvdhmm+PrdB3jQAt/ISjXSGdYLxmC4X
1hDAf16dj7Y=
=YctY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close