Red Hat Security Advisory 2023-1181-01

Red Hat Security Advisory 2023-1181-01: Posted Mar 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-1181-01 - OpenShift Serverless version 1.27.1 contains a moderate security impact. This release includes security and bug fixes, and enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-46848, CVE-2022-35737, CVE-2022-40303, CVE-2022-40304, CVE-2022-41717, CVE-2022-4415, CVE-2022-47629, CVE-2022-48303; SHA-256 | a2cddc20d4a4f81ea0203fa4a634a44a82d9e1e0db8b3d1682a8814ffd478cd2; Download | Favorite | View

Red Hat Security Advisory 2023-1181-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless 1.27.1
Advisory ID:       RHSA-2023:1181-01
Product:           RHOSS
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1181
Issue date:        2023-03-09
CVE Names:         CVE-2021-46848 CVE-2022-4415 CVE-2022-35737
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41717
                   CVE-2022-47629 CVE-2022-48303
====================================================================
1. Summary:

OpenShift Serverless version 1.27.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

- - golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests(CVE-2022-41717)

For more details about the security issues, including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
pages linked in the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
See the Red Hat OpenShift Container Platform 4.12 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZApNndzjgjWX9erEAQgx3A//XC7IvjWnzDjQt53reCH5H/v1zyHJf6Rs
KN4XuZW4p8lc6ZpKN8X78qHDkTKxemf+6odV2GiglJUSelCGys4+3C/F25glcrHj
+LlIdW7GTFverx0cRcEMND/w0pAKJyrSI0WlehwIb8D41oeaJpSOHaRt8TxcWb5g
p+pPk3k5lYvOjLrHNq14MIOeFg5Bl5Mif4zojDEbF6Rtu/F0PJGYgtlwqM3+dqi+
qrbk24718H0HcnUEJlN1Bt2eur6w6kbziJkKnttMbZOUACb4Vvl2uRKr2Gw3jmgn
vtlfGWyip2um22ivWgefk/vLs4v7gB4bZvBHXfCruTPASnhnB/gq/qKDFx6vfUmr
h8r8Gq5Du7o73jZAGRqqoKSrGF7trTOub5wRg/HsdKXES7+lX/oV9ZMG3FNFvawB
jiRm+8z8wfZpRLqlREyghCGlW9ndnp5UwlczeBeHx08UgH2lRMEZ5Ysmeh9Gcq9U
rBNNMgmUaDEaPAmA9R4vYeZ79HteNyPTxQEmsI6m7RC68hg/1Ufolc7FuhYJnvBy
tfHwn3SBOAyph/W+H6Y43eOCJj0bAm/TY3EskqcW0jfUcilAoz3Rjckkei5l6odF
a72Qu0O6R+N8a+TDqN1w3b9vac3PLGPEEi0T72xhjKgQn3JjqkN+/btqiTlVVApW
5uF0KKJGYLM=Ytdh
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2023-1181-01

Red Hat Security Advisory 2023-1181-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-1181-01

Share This

Red Hat Security Advisory 2023-1181-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems