[RHSA-2022:8938-01] Low: Release of OpenShift Serverless 1.26.0
Security announcements for all Red Hat products and services.
rhsa-announce at redhat.com
Tue Dec 13 04:34:21 UTC 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Release of OpenShift Serverless 1.26.0
Advisory ID: RHSA-2022:8938-01
Product: RHOSS
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8938
Issue date: 2022-12-13
CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527
CVE-2021-43565 CVE-2022-1304 CVE-2022-2509
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
CVE-2022-22662 CVE-2022-26700 CVE-2022-26709
CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
CVE-2022-26719 CVE-2022-27191 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406 CVE-2022-30293
CVE-2022-37434 CVE-2022-39399
=====================================================================
1. Summary:
Release of OpenShift Serverless 1.26.0
The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.
2. Description:
Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11.
This release includes security and bug fixes, and enhancements.
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.
3. Solution:
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
4. Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2142799 - Release of OpenShift Serverless Serving 1.26.0
2142801 - Release of OpenShift Serverless Eventing 1.26.0
5. References:
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
6. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBY5gAzdzjgjWX9erEAQhhRw//fdQymw2E94sKQ0oIESo8CDdpa5jcoO1T
EkGfFF5P72pt5seIEgfkbvz5RZkJeH0jdBLEjnqCsZcmpY9kbfbORgJ9JqniQ7fC
kBo4KuUtv0fmF98YTtqn/xIJmvRV8fbclImaBvg9Eetqe8dmhF1I4F0r7boepWPi
89tuFUXTI1N8/lMcsksH/H+RWLy+jvczooBq1AvjhntFseVBPyGYKpkpnTNruj5y
fOGTE/GFqP9xb7RJ15kOobyaK6ru6FFN2Zh/H8gr3Olttw+OBUsvxQBZ8rdJ3wu0
SVNqqiA9H7u0wlGHK0pbXvVSodlS8ZAGO4WoeJUH2NPk5vrF4D7nSu1Tm4hbFEAa
I78hF+aFFwVWYEFQxlf5rb57rtI25iIv7INal/usVmY2NlpqsNflnVBQ8jrNiOSk
Zkpy9iCpRbJTwWwuVLxxbJyCJtP/jpzvJjPkPk/o5jJ393BtU1LJL3OwcpL40uhg
r8VkRgOcp9Xjn9KNjggO5gy8RcN6DyRnAfUrpx9x6M/fHQVGlpHNyhhVHMRWsROq
o07+rtO6gdyTZEpLrtRABW8akiuZIb0/nCKPFo3BXmcbdhDGvYgiROUSnM/OLyUM
ga9ShP+GRB7dDSfqGz/sfe8xs4GHGH56g4LVWgWfU82bSlI1dnrtUo7heEsJ1yTP
y5P3+aYsKc0=
=Aao3
-----END PGP SIGNATURE-----
More information about the RHSA-announce
mailing list