
Red Hat Security Advisory 2022-8938-01

Posted Dec 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8938-01 - Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2020-35525, CVE-2020-35527, CVE-2021-43565, CVE-2022-1304, CVE-2022-21618, CVE-2022-21619, CVE-2022-21624, CVE-2022-21626, CVE-2022-21628, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662
SHA-256 | da4187bf65304a7e803d9820eb5940b8db24ae1981a3b755368aab9fe75e95e4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: Release of OpenShift Serverless 1.26.0
Advisory ID: RHSA-2022:8938-01
Product: RHOSS
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8938
Issue date: 2022-12-13
CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527
CVE-2021-43565 CVE-2022-1304 CVE-2022-2509
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
CVE-2022-22662 CVE-2022-26700 CVE-2022-26709
CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
CVE-2022-26719 CVE-2022-27191 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406 CVE-2022-30293
CVE-2022-37434 CVE-2022-39399
====================================================================
1. Summary:

Release of OpenShift Serverless 1.26.0
The References section contains CVE links providing detailed severity
ratings for each vulnerability. Ratings are based on a Common Vulnerability
Scoring System (CVSS) base score.

2. Description:

Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11.

This release includes security and bug fixes, and enhancements.
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2142799 - Release of OpenShift Serverless Serving 1.26.0
2142801 - Release of OpenShift Serverless Eventing 1.26.0

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce