what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01
Posted Aug 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-40528, CVE-2022-1705, CVE-2022-1962, CVE-2022-1996, CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-21698, CVE-2022-22576, CVE-2022-24675, CVE-2022-24921, CVE-2022-25313, CVE-2022-25314, CVE-2022-27774
SHA-256 | ed2fc17ea4fea7b280250203da1e4e161fa8403846ac647afd3762bf7b3aada3

Red Hat Security Advisory 2022-6040-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Release of OpenShift Serverless 1.24.0
Advisory ID: RHSA-2022:6040-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6040
Issue date: 2022-08-10
CVE Names: CVE-2021-40528 CVE-2022-1705 CVE-2022-1962
CVE-2022-1996 CVE-2022-21540 CVE-2022-21541
CVE-2022-21549 CVE-2022-21698 CVE-2022-22576
CVE-2022-24675 CVE-2022-24921 CVE-2022-25313
CVE-2022-25314 CVE-2022-27774 CVE-2022-27776
CVE-2022-27782 CVE-2022-28131 CVE-2022-28327
CVE-2022-29824 CVE-2022-30629 CVE-2022-30630
CVE-2022-30631 CVE-2022-30632 CVE-2022-30633
CVE-2022-30635 CVE-2022-32148 CVE-2022-34169
====================================================================
1. Summary:

Release of OpenShift Serverless 1.24.0

The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:
- - prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
- - go-restful: Authorization Bypass Through User-Controlled Key
(CVE-2022-1996)
- - golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
- - golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
- - golang: go/parser: stack exhaustion in all Parse* functions
(CVE-2022-1962)
- - golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
- - golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
- - golang: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working (CVE-2022-32148)
- - golang: net/http: improper sanitization of Transfer-Encoding header
(CVE-2022-1705)
- - golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
- - golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
- - golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
- - golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
- - golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- - golang: crypto/tls: session tickets lack random ticket_age_add
(CVE-2022-30629)

For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2094982 - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

5. References:

https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/cve/CVE-2022-1996
https://access.redhat.com/security/cve/CVE-2022-21540
https://access.redhat.com/security/cve/CVE-2022-21541
https://access.redhat.com/security/cve/CVE-2022-21549
https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-24921
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-28131
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-30630
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-30633
https://access.redhat.com/security/cve/CVE-2022-30635
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-34169
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYvPzktzjgjWX9erEAQjHog/+IxC/6/FWO6TKhG89beVQf9jo6/Llc04v
54IZhzdoBE2q9TbVFkip38ZDAPf1P02A61GDKYvmTumFD3Q2gSR12yGpmu2tof/X
nHqqtVcgn85vD5XhS/diDo0tOi/Um6SvhZKkQ5tzqmsdkj3BH2tBdwDl1PN1zRag
MsJDhZwwljhP3Qc1TVApj1nUSQHHQuINi1NmVr8Xb2erM3rJ6UdtbYC4dn4Jb6jn
6W7fwodFEo+MaK34k8hHoTHJA5Xi318IlkuKFRsP/bgq+Sb7ffYd312Hx2S46fvm
XbkLZCrPcuoYRc30dFbHsAol58V06sb4hsI2twAlQXU/t7iRFZmQNQz1KnBPoJx6
xlcsPlzjGIskB8hGd/gnTB55Zca1LbDX6j975t1YXABD3XBBgeK7nxjvkg0B/Z2D
cBcBgsfch/eqnw7WNwKsDWCy7ug4rKHJnAksZmFpSEdz+MX/YZ0AFJEqWNBvj/7p
4QAto4S5ETWqOpF8fqXdIqXDaI0QWVYAMiuMdVOy39M1/IOasF2h8WN1dkAlVFzr
ktwHCl8weiREhDYvtvlChF6ezeoPGkvE3AvuPnikK64VMavvlOPeYaiEGaa9gav3
vlG1B2GqtmS1JuYYYkTO/q9X3vnwDNLQ8muhrhNWMDD39DPCGQfFggGyANyn0CtF
15XijXHat48=JrS7
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close