Red Hat Security Advisory 2021-2095-01

Red Hat Security Advisory 2021-2095-01: Posted May 24, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-2095-01 - Red Hat OpenShift Serverless Client kn 1.14.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.14.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include a code execution vulnerability.; tags | advisory, code execution; systems | linux, redhat; advisories | CVE-2021-3114, CVE-2021-3115; SHA-256 | e308c1468aad01ec665814efee9eb07ce9f97ef894ba4eeba07b41306ffaef24; Download | Favorite | View

Red Hat Security Advisory 2021-2095-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless Client kn 1.14.1 security update
Advisory ID:       RHSA-2021:2095-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2095
Issue date:        2021-05-24
CVE Names:         CVE-2021-3114 CVE-2021-3115
====================================================================
1. Summary:

Release of OpenShift Serverless Client kn 1.14.1

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Serverless Client kn 1.14.1 provides a CLI to interact
with Red Hat OpenShift Serverless 1.14.1. The kn CLI is delivered as an RPM
package for installation on RHEL platforms, and as binaries for non-Linux
platforms.

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

* golang: cmd/go: packages using cgo can cause arbitrary code execution at
build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless/index

See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.7/html/serverless/index

5. Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time

6. Package List:

Openshift Serverless 1 on RHEL 8Base:

Source:
openshift-serverless-clients-0.20.0-7.el8.src.rpm

ppc64le:
openshift-serverless-clients-0.20.0-7.el8.ppc64le.rpm

s390x:
openshift-serverless-clients-0.20.0-7.el8.s390x.rpm

x86_64:
openshift-serverless-clients-0.20.0-7.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3115
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYKvO+tzjgjWX9erEAQhGohAAllik9UYxOWLuC3N2sSBv2rRFyhyYOHDi
xq6eYWQvYXhEnO4tRlB6zP6QPp2fRXhSVnmUWeHwVXmmizBcuA3eCqACxwb2K4bD
344J5s7OF9HEFpQlINtBGCAEuuauPfTYYgyfldEwXLasqiidi2ViOHE/GMBr3AsS
33k2O7wy8ev9QLJVYNP2GD7NgRoEGioK5qL/zsMOVyBtzGc3Nq55OzZ9Fdw3lcCH
4a7rQ0k4N5zMiLdNmZWEMl4xBh8+s8nJODCUYLlv/f1OqiQdsZnokWd7i/OItQNA
ysMduemUGfFHakQRyoEVmHdkFsI2ryZpbWPTLN70zBqVxzXGMrF6Trtfv5RkEdh/
zeM5qeufvIXxVGUV2XSKk0mIvHeue5cNC3y95olaxwtDNDNUSlmIf50rqlGSEkKq
/kl5w07kImYUvyk99SqieflokafeRBtBHbMXv9xWbtVeGwlI9kk9RrXaM4i2ckMc
D6rYZJkdHPWNNw1KloEGXDQ7wbjs2DkrdhzmDi21XqRAX/ndr8J5Qs3gGGepJUym
nBNZzEJfYD9OAekxQh/1yIKzH9yK4SYYdWsZ40uEdlxmCdlaeYQZNBvjzN1flvfc
exZkubZcN0o8WPODxyQ1WwyfKbzj9vTr4wvRWgMh8RLKJgwVKnLPDDCouP7suvmd
UAbzd48WZrA=T7IS
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Red Hat Security Advisory 2021-2095-01

Red Hat Security Advisory 2021-2095-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-2095-01

Share This

Red Hat Security Advisory 2021-2095-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems