exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01
Posted Aug 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-40528, CVE-2022-1705, CVE-2022-1962, CVE-2022-1996, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-21698, CVE-2022-22576, CVE-2022-24675, CVE-2022-24921, CVE-2022-25313, CVE-2022-25314, CVE-2022-27774
SHA-256 | ed2fc17ea4fea7b280250203da1e4e161fa8403846ac647afd3762bf7b3aada3

Red Hat Security Advisory 2022-6040-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Release of OpenShift Serverless 1.24.0
Advisory ID: RHSA-2022:6040-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6040
Issue date: 2022-08-10
CVE Names: CVE-2021-40528 CVE-2022-1705 CVE-2022-1962
CVE-2022-1996 CVE-2022-21540 CVE-2022-21541
CVE-2022-21549 CVE-2022-21698 CVE-2022-22576
CVE-2022-24675 CVE-2022-24921 CVE-2022-25313
CVE-2022-25314 CVE-2022-27774 CVE-2022-27776
CVE-2022-27782 CVE-2022-28131 CVE-2022-28327
CVE-2022-29824 CVE-2022-30629 CVE-2022-30630
CVE-2022-30631 CVE-2022-30632 CVE-2022-30633
CVE-2022-30635 CVE-2022-32148 CVE-2022-34169
====================================================================
1. Summary:

Release of OpenShift Serverless 1.24.0

The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:
- - prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
- - go-restful: Authorization Bypass Through User-Controlled Key
(CVE-2022-1996)
- - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
- - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- - golang: go/parser: stack exhaustion in all Parse* functions
(CVE-2022-1962)
- - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- - golang: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working (CVE-2022-32148)
- - golang: net/http: improper sanitization of Transfer-Encoding header
(CVE-2022-1705)
- - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
- - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
- - golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
- - golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
- - golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- - golang: crypto/tls: session tickets lack random ticket_age_add
(CVE-2022-30629)

For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2094982 - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

5. References:

https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-1996
https://access.redhat.com/security/cve/CVE-2022-21540
https://access.redhat.com/security/cve/CVE-2022-21541
https://access.redhat.com/security/cve/CVE-2022-21549
https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-24921
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-34169
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYvPzktzjgjWX9erEAQjHog/+IxC/6/FWO6TKhG89beVQf9jo6/Llc04v
54IZhzdoBE2q9TbVFkip38ZDAPf1P02A61GDKYvmTumFD3Q2gSR12yGpmu2tof/X
nHqqtVcgn85vD5XhS/diDo0tOi/Um6SvhZKkQ5tzqmsdkj3BH2tBdwDl1PN1zRag
MsJDhZwwljhP3Qc1TVApj1nUSQHHQuINi1NmVr8Xb2erM3rJ6UdtbYC4dn4Jb6jn
6W7fwodFEo+MaK34k8hHoTHJA5Xi318IlkuKFRsP/bgq+Sb7ffYd312Hx2S46fvm
XbkLZCrPcuoYRc30dFbHsAol58V06sb4hsI2twAlQXU/t7iRFZmQNQz1KnBPoJx6
xlcsPlzjGIskB8hGd/gnTB55Zca1LbDX6j975t1YXABD3XBBgeK7nxjvkg0B/Z2D
cBcBgsfch/eqnw7WNwKsDWCy7ug4rKHJnAksZmFpSEdz+MX/YZ0AFJEqWNBvj/7p
4QAto4S5ETWqOpF8fqXdIqXDaI0QWVYAMiuMdVOy39M1/IOasF2h8WN1dkAlVFzr
ktwHCl8weiREhDYvtvlChF6ezeoPGkvE3AvuPnikK64VMavvlOPeYaiEGaa9gav3
vlG1B2GqtmS1JuYYYkTO/q9X3vnwDNLQ8muhrhNWMDD39DPCGQfFggGyANyn0CtF
15XijXHat48=JrS7
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close