what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-4863-01

Red Hat Security Advisory 2022-4863-01
Posted Jun 1, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4863-01 - OpenShift Serverless version 1.22.1 contains a moderate security impact.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2021-3634, CVE-2021-3737, CVE-2021-4189, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806
SHA-256 | dda02360413f1824abefb4a0bce3718b9ecc6ba04a0192343b6453bd7257ab9c
Download | Favorite | View

Red Hat Security Advisory 2022-4863-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless Version 1.22.1
Advisory ID:       RHSA-2022:4863-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4863
Issue date:        2022-06-01
CVE Names:         CVE-2018-25032 CVE-2021-3634 CVE-2021-3737 
                   CVE-2021-4189 CVE-2022-23772 CVE-2022-23773 
                   CVE-2022-23806 
=====================================================================

1. Summary:

OpenShift Serverless version 1.22.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.22.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. 

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:
- - golang: crypto/elliptic IsOnCurve returns true for invalid field
elements(CVE-2022-23806)
- - golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control(CVE-2022-23773)
- - golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)

For more details about the security issues, including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

5. JIRA issues fixed (https://issues.jboss.org/):

SRVKE-1217 - New KafkaSource implementation does not default to PLAIN for SASL

6. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-23773
https://access.redhat.com/security/cve/CVE-2022-23806
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYpd09dzjgjWX9erEAQhJnA/9E2DMi3bRFUcyAT7IpjWebeCLewnzLIAU
ZpxSqedhjzdAFO3KVpUHydTBUC4TU4orNDL6VzaFaZCP8kderqsWFdppKKST3Hr7
6zSSY1vBRuJxlX6u+PHMoihYLN3RK1Mz8Iv70gMKQAOmK45IUvYH1qsuUbWMuB7R
WJVsDWTdYy0PQT1+MjIT/LAFt88cMKKXCTLdoV9QVJ8xCYjWixzRKTNzupWQ/YWu
BVMpecXMD3gE1fzBnrwsdU+JspNvE2oD3lo61coSfjtOgoIvyoEz+ndctc7Bf16i
PNRKGzRU2afvULaXtG2Vb5kF5VGziB4S1t+sDfTujXQ0qaEMs/DB4JpA6QIRTTq9
8twhK4XvZHmjEDjyry39w+A1LD1e69135zHfY6dTBaBiIUsbYEccjJq6Joj/dQZp
bzhZZh7Pp0IFbPwL66Icssz2v/ofRB0Jyle3FZEpwxwTRQiE72VDXamHjkkh4kz6
1OvmkjVeUOq8PJZkd3GWg8haDcnEAyuU5huGfFIHJMeYUMYtvBJqBafsJ0V3ZYQy
QRDqqQ6RDnLz5o2URsTwTZ1mlN77m0Bs/Vfcq0w2bVsI/JAcUGY91I3/x0GCSgYj
U8BxPTsYi4XcwTKIVJ0sprMNy6Z4kSpgDYDTBGWzynOQUSHztTehldWWHW5TyHzR
speTkdilI20=
=eEoR
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    16 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close