exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-4863-01

Red Hat Security Advisory 2022-4863-01
Posted Jun 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-4189, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
SHA-256 | dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9c
Download | Favorite | View

Red Hat Security Advisory 2022-4863-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless Version 1.22.1
Advisory ID:       RHSA-2022:4863-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4863
Issue date:        2022-06-01
CVE Names:         CVE-2018-25032 CVE-2021-3634 CVE-2021-3737 
                   CVE-2021-4189 CVE-2022-23772 CVE-2022-23773 
                   CVE-2022-23806 
=====================================================================

1. Summary:

OpenShift Serverless version 1.22.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. 

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:
- - golang: crypto/elliptic IsOnCurve returns true for invalid field
elements(CVE-2022-23806)
- - golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control(CVE-2022-23773)
- - golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)

For more details about the security issues, including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

5. JIRA issues fixed (https://issues.jboss.org/):

SRVKE-1217 - New KafkaSource implementation does not default to PLAIN for SASL

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYpd09dzjgjWX9erEAQhJnA/9E2DMi3bRFUcyAT7IpjWebeCLewnzLIAU
ZpxSqedhjzdAFO3KVpUHydTBUC4TU4orNDL6VzaFaZCP8kderqsWFdppKKST3Hr7
6zSSY1vBRuJxlX6u+PHMoihYLN3RK1Mz8Iv70gMKQAOmK45IUvYH1qsuUbWMuB7R
WJVsDWTdYy0PQT1+MjIT/LAFt88cMKKXCTLdoV9QVJ8xCYjWixzRKTNzupWQ/YWu
BVMpecXMD3gE1fzBnrwsdU+JspNvE2oD3lo61coSfjtOgoIvyoEz+ndctc7Bf16i
PNRKGzRU2afvULaXtG2Vb5kF5VGziB4S1t+sDfTujXQ0qaEMs/DB4JpA6QIRTTq9
8twhK4XvZHmjEDjyry39w+A1LD1e69135zHfY6dTBaBiIUsbYEccjJq6Joj/dQZp
bzhZZh7Pp0IFbPwL66Icssz2v/ofRB0Jyle3FZEpwxwTRQiE72VDXamHjkkh4kz6
1OvmkjVeUOq8PJZkd3GWg8haDcnEAyuU5huGfFIHJMeYUMYtvBJqBafsJ0V3ZYQy
QRDqqQ6RDnLz5o2URsTwTZ1mlN77m0Bs/Vfcq0w2bVsI/JAcUGY91I3/x0GCSgYj
U8BxPTsYi4XcwTKIVJ0sprMNy6Z4kSpgDYDTBGWzynOQUSHztTehldWWHW5TyHzR
speTkdilI20=
=eEoR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    13 Files
  • 27
    Jun 27th
    42 Files
  • 28
    Jun 28th
    9 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close