Red Hat Security Advisory 2022-1292-01

Red Hat Security Advisory 2022-1292-01: Posted Apr 12, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-1292-01 - This version of the OpenShift Serverless Operator, which is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, includes a security fix. For more information, see the documentation listed in the References section. Issues addressed include a code execution vulnerability.; tags | advisory, code execution; systems | linux, redhat; advisories | CVE-2022-22963; SHA-256 | af9c3ede75f6e92eac6576134c67a7192ade183a9daffb8552b6f816d77026cd; Download | Favorite | View

Red Hat Security Advisory 2022-1292-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Release of OpenShift Serverless 1.21.1
Advisory ID:       RHSA-2022:1292-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1292
Issue date:        2022-04-11
CVE Names:         CVE-2022-22963 
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.21.1

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This version of the OpenShift Serverless Operator, which is supported on
Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10,
includes a security fix. For more information, see the documentation listed
in the References section.

Security Fix(es):

* spring-cloud-function: Remote code execution by malicious Spring
Expression (CVE-2022-22963)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2070668 - CVE-2022-22963 spring-cloud-function: Remote code execution by malicious Spring Expression

5. References:

https://access.redhat.com/security/cve/CVE-2022-22963
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/security/vulnerabilities/RHSB-2022-003
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYlVRTdzjgjWX9erEAQgR4hAAh66FM9+lM2X7d2l44qBtnX52PqWkNIMd
7DnRFFp+bqHyh3Hx7taxlcb6av9yVwmb6WnxOF9gqyJnq0UrprauaDIz/EOjFiNK
y3blJVaR7cbBlvbBLoQZcWcMLoKWkW8yyNiMDKjgHTN+HQLXPTnfGtaaAPR6CxIl
VIxCO048FAH+eGSZ7UdO7JpCO2RndjZum2gCHL6nKRB4bSGkMok7zoZskPdnZL89
gtJVo5zmd74Q9/3Mhwv3W1pi82dxQF+FlMQeo9LeGVtCE7Cs0Jq58cl0/Jt8axsW
0w+QQ1ZMZkXgc2qY1N7gpAGqsKt738ZcC/LKRbpKRhk7Y81JYnyT7y+rZCWQfGH/
v1sKtKnULhEHiVWVNYnyTif8E1RXbZFJEO6RaDYersgCaS0qR9VscWogT/m6Vmk9
/rXQdyghyA08derh0UTEcbVwUZvzqSmSo7KcUtGeTP3Jy9xd76hK3+/hiJL45gyT
0I8HwyQprwrNXjijD3EY0a1U4ke4ufyDqhHgQzNAkyhwFZGtjE5dYnaYckZVG0h0
iw/BCa9v/PvJ62vAEEeKmuLxd9OY8J1RvkxLI41TDWs1OICEiTytBoKcbtkhgfVN
h/PwbrbMWPH/5N5QS0yNxASDnvNZ9EuQTBizwEQkHYArXoSIBKQWdqODqpRD6u2X
i8LdSrRG05U=
=vkMk
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Jann Horn 5 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Google Security Research 5 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,642)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,504)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Red Hat Security Advisory 2022-1292-01

Red Hat Security Advisory 2022-1292-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2022-1292-01

Share This

Red Hat Security Advisory 2022-1292-01

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems