exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2021-0146-01

Red Hat Security Advisory 2021-0146-01
Posted Jan 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-13050, CVE-2019-13627, CVE-2019-14889, CVE-2019-15903, CVE-2019-16168, CVE-2019-19221, CVE-2019-19906, CVE-2019-19956, CVE-2019-20218, CVE-2019-20387, CVE-2019-20388, CVE-2019-20454, CVE-2019-5018, CVE-2020-10029, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-1730, CVE-2020-1751, CVE-2020-1752, CVE-2020-1971, CVE-2020-24553, CVE-2020-24659, CVE-2020-28362, CVE-2020-28366, CVE-2020-28367
SHA-256 | a86c00be6acf79cfc141fb047b2a8d856fd69b40c660eaa8ec6d9b8a5a91d313

Red Hat Security Advisory 2021-0146-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of OpenShift Serverless 1.12.0
Advisory ID: RHSA-2021:0146-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0146
Issue date: 2021-01-14
CVE Names: CVE-2018-20843 CVE-2019-5018 CVE-2019-13050
CVE-2019-13627 CVE-2019-14889 CVE-2019-15903
CVE-2019-16168 CVE-2019-19221 CVE-2019-19906
CVE-2019-19956 CVE-2019-20218 CVE-2019-20387
CVE-2019-20388 CVE-2019-20454 CVE-2020-1730
CVE-2020-1751 CVE-2020-1752 CVE-2020-1971
CVE-2020-6405 CVE-2020-7595 CVE-2020-9327
CVE-2020-10029 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-24553 CVE-2020-24659
CVE-2020-28362 CVE-2020-28366 CVE-2020-28367
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.12.0

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each
vulnerability. For more information, see the CVE links in the References
section.

2. Description:

Red Hat OpenShift Serverless 1.12.0 is a generally available release of the
OpenShift Serverless Operator.

This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform version 4.6,
and includes security and bug fixes and enhancements. For more information,
see the documentation listed in the References section.

Security Fix(es):

* golang: default Content-Type setting in net/http/cgi and net/http/fcgi
could cause XSS (CVE-2020-24553)

* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)

* golang: malicious symbol names can lead to code execution at build time
(CVE-2020-28366)

* golang: improper validation of cgo flags can lead to code execution at
build time (CVE-2020-28367)

For more details about the security issues and their impact, the CVSS
score, acknowledgements, and other related information, see the CVE pages
listed in the References section.

3. Solution:

See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time
1906381 - Release of OpenShift Serverless Serving 1.12.0
1906382 - Release of OpenShift Serverless Eventing 1.12.0

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-1971
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-24553
https://access.redhat.com/security/cve/CVE-2020-24659
https://access.redhat.com/security/cve/CVE-2020-28362
https://access.redhat.com/security/cve/CVE-2020-28366
https://access.redhat.com/security/cve/CVE-2020-28367
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYAB9FtzjgjWX9erEAQhy4w/8DkWBfDN8NTwDn5G3DQm7avlhwkCoRMUQ
Vt2xCRU6oj06m1xmmixHjbXldN9E8xmJCA9MPfRolKfqFvgxgLs0ZfQNo51qZu2B
IlnB/flgg2xT6j5LRSB6gUILkgeKnnTQOoldrc6W4snz+TwPxVUDGLWx4UlaO2n1
giniC6RESaACoMBZYijKjaM/PAo665Fajfs91bgcg7YnnYtu6Zbs561CoRDg7rR1
nC9zqJDfPQXj01GhKqkscVxDjhWRxo9Dvk7bdT9fSMK9o6EZiRnE4HXNm4FjzLIw
FXQ1Pd7T6Car3iwN0ZMRLn/aEYPzc3h4d3tAMQj+NwHLX0MnXB61+e2bkoFGEluF
PCTis0uhfQaL9unbrQ1NVKMMcbbztlGh9hjY//RLX/aTvYrGqi2sBlnA6n14dRPy
rc6fdK3GdVI4doC1SnIMI7ZvWv3Jt5Wq5l/AnxWm/+pn68ibIMPyC0vU82bffUtA
aiei6JPY7u3O+JqrlQYVQ2tICySnM2bEbP98emg0bedzkD9JfFOQpg8sxkm+V1qm
Tu2xl/v5jHr70nICzVUF3paztwCvMyeD63pYbtWXPqQmc1IIpCUgTQQwpC+G93Uf
wu2FJ4Vqb2tiqRkI4Ju3WJd1qKyTz+83pkuKHwe845n7D8kRFxEYpmE50lT7eAab
A3H5xDIIYLk=
=2gLp
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close