Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01: Posted Feb 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2016-3709, CVE-2021-46848, CVE-2022-1304, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22662, CVE-2022-2509, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719; SHA-256 | d74c2b6b1c62d693d57db76c63de91764880b79a4290536d13c383c06f3ce55d; Download | Favorite | View

Red Hat Security Advisory 2023-0709-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless 1.27.0
Advisory ID:       RHSA-2023:0709-01
Product:           RHOSS
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0709
Issue date:        2023-02-09
CVE Names:         CVE-2016-3709 CVE-2021-46848 CVE-2022-1304
                   CVE-2022-2509 CVE-2022-2879 CVE-2022-2880
                   CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
                   CVE-2022-22662 CVE-2022-26700 CVE-2022-26709
                   CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
                   CVE-2022-26719 CVE-2022-27664 CVE-2022-30293
                   CVE-2022-35737 CVE-2022-40303 CVE-2022-40304
                   CVE-2022-41715 CVE-2022-42010 CVE-2022-42011
                   CVE-2022-42012 CVE-2022-42898 CVE-2022-43680
                   CVE-2023-21835 CVE-2023-21843
====================================================================
1. Summary:

Release of OpenShift Serverless 1.27.0
The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.

This release includes security and bug fixes, and enhancements.
* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)
* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)
* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)
* golang: archive/tar: unbounded memory consumption when reading headers
(CVE-2022-2879)

For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2154755 - Release of OpenShift Serverless Eventing 1.27.0
2154757 - Release of OpenShift Serverless Serving 1.27.0

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-42010
https://access.redhat.com/security/cve/CVE-2022-42011
https://access.redhat.com/security/cve/CVE-2022-42012
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-43680
https://access.redhat.com/security/cve/CVE-2023-21835
https://access.redhat.com/security/cve/CVE-2023-21843
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY+VrqNzjgjWX9erEAQi1Nw/8DCVirnZtM1Wq+2yFNXI8UDqXZ2iQr3mC
Zu8qwulEdB1Lv1RavqLNg6xPZtSUdf8JC3Mti4efHr1GQJQjKS5mqSa8aVWhaqr9
g/Gm/FuPI6Twnmnvq3HfjWVNkh+UmBn71slp9orIFEisTZ+IoMB0FNVz7NoKYgiV
kvGI6phyDRjXTfYNpMvxAKvxo8mTK3WoZ62ziP4QUHykiqTFczDi41HjdzIfMmAg
CvCLLVthmeVqty5CpHhqYE1cnTUIxD/mXLBYHmp8SySIfG0wp7k7zkUAP++Gfln5
srlrk7sSvJvalu09HleDbP88eZpqYV7UmU2RF4zgFS/zOMQhTwCKiE/ttu2D7H0c
TJejLaru9mKLkA6FPG5pakeTstPhVNWl7RoYEJKkdNIw55SR0TxRgK5Pw6ZYyOyU
RPfTr3vLGvxpg2bWy4rUb9sBzoRlRbhVMCy0JIjoNTGEmzVnA1NeBcx7oyrAFnRr
p83xfVKRa7/x8JTeE+34y9Klup0DH48Q5JMlDlaIM2UpKzkjJInMvKAkTv95Y10e
T2Wc6ssEeGN9XkNPguyrfGtE/i6czWDZJ7Fm2/YHJAjdXFREImPNS0FwBT8fb4vt
0/E2JjVdhe5X7Xz2AX0DdH7QIQlC4DO8j0qcD+ySj3ns3muWjvlbGdVSaZwGsuiP
DRfusJZsblI=WWWr
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 98 files
indoushka 37 files
Gentoo 29 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,560)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,418)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,704)
UNIX (9,432)
UnixWare (187)
Windows (6,668)
Other

Red Hat Security Advisory 2023-0709-01

Red Hat Security Advisory 2023-0709-01

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-0709-01

Share This

Red Hat Security Advisory 2023-0709-01

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems