what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-4863-01

Red Hat Security Advisory 2022-4863-01
Posted Jun 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-4189, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
SHA-256 | dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9c

Red Hat Security Advisory 2022-4863-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of OpenShift Serverless Version 1.22.1
Advisory ID: RHSA-2022:4863-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4863
Issue date: 2022-06-01
CVE Names: CVE-2018-25032 CVE-2021-3634 CVE-2021-3737
CVE-2021-4189 CVE-2022-23772 CVE-2022-23773
CVE-2022-23806
=====================================================================

1. Summary:

OpenShift Serverless version 1.22.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:
- - golang: crypto/elliptic IsOnCurve returns true for invalid field
elements(CVE-2022-23806)
- - golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control(CVE-2022-23773)
- - golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)

For more details about the security issues, including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

5. JIRA issues fixed (https://issues.jboss.org/):

SRVKE-1217 - New KafkaSource implementation does not default to PLAIN for SASL

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYpd09dzjgjWX9erEAQhJnA/9E2DMi3bRFUcyAT7IpjWebeCLewnzLIAU
ZpxSqedhjzdAFO3KVpUHydTBUC4TU4orNDL6VzaFaZCP8kderqsWFdppKKST3Hr7
6zSSY1vBRuJxlX6u+PHMoihYLN3RK1Mz8Iv70gMKQAOmK45IUvYH1qsuUbWMuB7R
WJVsDWTdYy0PQT1+MjIT/LAFt88cMKKXCTLdoV9QVJ8xCYjWixzRKTNzupWQ/YWu
BVMpecXMD3gE1fzBnrwsdU+JspNvE2oD3lo61coSfjtOgoIvyoEz+ndctc7Bf16i
PNRKGzRU2afvULaXtG2Vb5kF5VGziB4S1t+sDfTujXQ0qaEMs/DB4JpA6QIRTTq9
8twhK4XvZHmjEDjyry39w+A1LD1e69135zHfY6dTBaBiIUsbYEccjJq6Joj/dQZp
bzhZZh7Pp0IFbPwL66Icssz2v/ofRB0Jyle3FZEpwxwTRQiE72VDXamHjkkh4kz6
1OvmkjVeUOq8PJZkd3GWg8haDcnEAyuU5huGfFIHJMeYUMYtvBJqBafsJ0V3ZYQy
QRDqqQ6RDnLz5o2URsTwTZ1mlN77m0Bs/Vfcq0w2bVsI/JAcUGY91I3/x0GCSgYj
U8BxPTsYi4XcwTKIVJ0sprMNy6Z4kSpgDYDTBGWzynOQUSHztTehldWWHW5TyHzR
speTkdilI20=
=eEoR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close