Red Hat Security Advisory 2020-5149-01 - Red Hat OpenShift Serverless 1.11.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6.
ae040d80529f54eb92eb0fd38e2a45abadc228521f0e608f7b65bb3d75caee9c-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Release of OpenShift Serverless 1.11.0
Advisory ID: RHSA-2020:5149-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5149
Issue date: 2020-11-18
CVE Names: CVE-2018-20843 CVE-2019-1551 CVE-2019-5018
CVE-2019-13050 CVE-2019-13627 CVE-2019-14889
CVE-2019-15903 CVE-2019-16168 CVE-2019-16935
CVE-2019-19221 CVE-2019-19906 CVE-2019-19956
CVE-2019-20218 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20907 CVE-2019-20916
CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
CVE-2020-6405 CVE-2020-7595 CVE-2020-8177
CVE-2020-8492 CVE-2020-9327 CVE-2020-10029
CVE-2020-13630 CVE-2020-13631 CVE-2020-13632
CVE-2020-14040 CVE-2020-14422
====================================================================
1. Summary:
Release of OpenShift Serverless 1.11.0
2. Description:
Red Hat OpenShift Serverless 1.11.0 is a generally available release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform version 4.6.
Security Fix(es):
* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.
3. Solution:
See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index
4. Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1889831 - Release of OpenShift Serverless Serving 1.11.0
1889833 - Release of OpenShift Serverless Eventing 1.11.0
5. References:
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX7U50tzjgjWX9erEAQiVDRAAlUzM2NA7x7TjcdwED8FCEf+zjqRn/Mpd
H5kTJZnBSW4MOVc0EP1oG7b69MSREdcWszbyJBpENDvJrwJZ2KjtetJ9tudvrJyc
NhQH2kg/wBJufbv7IIDtYYbaMgqqERyTM4OevNe1mCH3/yFJHmVo33WeIP7OQ2me
hWmTG1uVb1TdFIt4yevH9KJUP/uVYJhKpuDTd7jk4zfKhX/a3UjmoF1WPnorJvD0
pkOgwGlkY27o2a1WKjrQHxAecHDXwHZPjLkyhP/GFKhatqDQsAQPKF8GrXq+vX8r
pEWUjVY25wncy49wOrm9V5fPLs/UB2QBesyr7p18WyirA2u6s4vkDnk10CFDxHTv
g57Kz+tVbM93zQ+j5mYguy2cWr19Rip0BCziB6pUG6BNHmFyoLakNj1FIQrk1QXP
cpSCl1WoCFB35plCwgIBd6LI1Oesw7NfyKlSkYYrT88p9B33ZSxMoTvgBqg4SUqf
ijT6SbhqASId3zjUwZjSAeChbmiFkkLDWgsSiX5xfAFkhkVjzX8BPdekVTBY97XX
lCoAW2hbsyDvLr9B2PrUw6TsuQS5aSQ1F/YK3jxybuVY6RyhfGQ9iMKUhErEl+2Z
3uEtKaeDvJ9JOJLln2UIs86FUeRxgt+HUJsN4Lk0aEbEeMNjlhekGVdKjoFt26Du
PQ+QvoHSnZQ=M5kM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed