exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2021-1338-01

Red Hat Security Advisory 2021-1338-01
Posted Apr 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1338-01 - Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2021-20305, CVE-2021-3114, CVE-2021-3115, CVE-2021-3449, CVE-2021-3450
SHA-256 | a30988ff66266b2db5f8acca7f2c0152290e88ca56893b70bb73ae89269755fb

Red Hat Security Advisory 2021-1338-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of OpenShift Serverless 1.14.0 security update
Advisory ID: RHSA-2021:1338-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1338
Issue date: 2021-04-22
CVE Names: CVE-2021-3114 CVE-2021-3115 CVE-2021-3449
CVE-2021-3450 CVE-2021-20305
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.14.0

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Serverless 1.14.0 is a generally available release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform versions 4.6
and 4.7, and includes security and bug fixes and enhancements. For more
information, see the documentation listed in the References section.

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

* golang: cmd/go: packages using cgo can cause arbitrary code execution at
build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index

See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.7/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time
1935897 - Release of OpenShift Serverless Serving 1.14.0
1935898 - Release of OpenShift Serverless Eventing 1.14.0

5. References:

https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3115
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIHLCtzjgjWX9erEAQjPLg/9Gc50P8EDERriS4fj20MoBk3+LYDBcuCA
7GDOkY58KlcTQ4F/yBi1T3vEzrn07aQkOS3N2hjLWqc5m+qzUQeEA8IO71sMZg27
Q9nH4kBaRdVMwZTJ0ZadErgrdYhubLTPXiMk6PZzxnWn4GIvKW7cdvnGS0jZUE/r
WAwzqccLdvAamb9j35Ch+6OQYI5Q2/8Gzz9ruPrdSGbgwvLntkvkPJrUFQ4vKHii
R/VB6ZSKDxwAirqKgfNpm2uwH594IorWNgQ9tLbW3qSDWGhj/XaN1UcuCcZnXhd6
vr9jmUhsluhPdSSx3cnwAXNXj6MN+RGr/YjQ8GV0XEOamkZhw9fCahdvJhAWf2C3
40vU2X01rT2piOCdIekx4LrGpnotddEGR30eJhpo5yDehHjhcQ+fif9a3Dk7ybdo
2yTprANKIiQQv0PytB4LHp0aVsL2qC6uxZBZOvmk9BnFOC/Rxl5UjNJ1MEqXjmw1
ElPUbk37euf3vwMk8Xm4yHb4vVa5J03c1E8AvxSN8l95H7I/XWDFcBNuSU5QAYm/
Ak9t8FV4GKT+8crIpXRbnR8AGXnbT1nut0fNLU5h+aCIOJA6dge04UliFHFW1MIp
6M0o9gZ5oTOXpwvVqK5GvfC8r9x+rinJ0COVoCPaD/z5G/rCMiuoVbwkYwwxqKNl
QF+X9ZbFZvg=
=htxs
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close