-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless 1.11.0
Advisory ID:       RHSA-2020:5149-01
Product:           Red Hat OpenShift Serverless
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5149
Issue date:        2020-11-18
CVE Names:         CVE-2018-20843 CVE-2019-1551 CVE-2019-5018
                   CVE-2019-13050 CVE-2019-13627 CVE-2019-14889
                   CVE-2019-15903 CVE-2019-16168 CVE-2019-16935
                   CVE-2019-19221 CVE-2019-19906 CVE-2019-19956
                   CVE-2019-20218 CVE-2019-20387 CVE-2019-20388
                   CVE-2019-20454 CVE-2019-20907 CVE-2019-20916
                   CVE-2020-1730 CVE-2020-1751 CVE-2020-1752
                   CVE-2020-6405 CVE-2020-7595 CVE-2020-8177
                   CVE-2020-8492 CVE-2020-9327 CVE-2020-10029
                   CVE-2020-13630 CVE-2020-13631 CVE-2020-13632
                   CVE-2020-14040 CVE-2020-14422
====================================================================
1. Summary:

Release of OpenShift Serverless 1.11.0

2. Description:

Red Hat OpenShift Serverless 1.11.0 is a generally available release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform version 4.6.

Security Fix(es):
 * golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

3. Solution:

See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless_applications/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1889831 - Release of OpenShift Serverless Serving 1.11.0
1889833 - Release of OpenShift Serverless Eventing 1.11.0

5. References:

https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-1551
https://access.redhat.com/security/cve/CVE-2019-5018
https://access.redhat.com/security/cve/CVE-2019-13050
https://access.redhat.com/security/cve/CVE-2019-13627
https://access.redhat.com/security/cve/CVE-2019-14889
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-16168
https://access.redhat.com/security/cve/CVE-2019-16935
https://access.redhat.com/security/cve/CVE-2019-19221
https://access.redhat.com/security/cve/CVE-2019-19906
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2019-20218
https://access.redhat.com/security/cve/CVE-2019-20387
https://access.redhat.com/security/cve/CVE-2019-20388
https://access.redhat.com/security/cve/CVE-2019-20454
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2019-20916
https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2020-1751
https://access.redhat.com/security/cve/CVE-2020-1752
https://access.redhat.com/security/cve/CVE-2020-6405
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-8177
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-9327
https://access.redhat.com/security/cve/CVE-2020-10029
https://access.redhat.com/security/cve/CVE-2020-13630
https://access.redhat.com/security/cve/CVE-2020-13631
https://access.redhat.com/security/cve/CVE-2020-13632
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX7U50tzjgjWX9erEAQiVDRAAlUzM2NA7x7TjcdwED8FCEf+zjqRn/Mpd
H5kTJZnBSW4MOVc0EP1oG7b69MSREdcWszbyJBpENDvJrwJZ2KjtetJ9tudvrJyc
NhQH2kg/wBJufbv7IIDtYYbaMgqqERyTM4OevNe1mCH3/yFJHmVo33WeIP7OQ2me
hWmTG1uVb1TdFIt4yevH9KJUP/uVYJhKpuDTd7jk4zfKhX/a3UjmoF1WPnorJvD0
pkOgwGlkY27o2a1WKjrQHxAecHDXwHZPjLkyhP/GFKhatqDQsAQPKF8GrXq+vX8r
pEWUjVY25wncy49wOrm9V5fPLs/UB2QBesyr7p18WyirA2u6s4vkDnk10CFDxHTv
g57Kz+tVbM93zQ+j5mYguy2cWr19Rip0BCziB6pUG6BNHmFyoLakNj1FIQrk1QXP
cpSCl1WoCFB35plCwgIBd6LI1Oesw7NfyKlSkYYrT88p9B33ZSxMoTvgBqg4SUqf
ijT6SbhqASId3zjUwZjSAeChbmiFkkLDWgsSiX5xfAFkhkVjzX8BPdekVTBY97XX
lCoAW2hbsyDvLr9B2PrUw6TsuQS5aSQ1F/YK3jxybuVY6RyhfGQ9iMKUhErEl+2Z
3uEtKaeDvJ9JOJLln2UIs86FUeRxgt+HUJsN4Lk0aEbEeMNjlhekGVdKjoFt26Du
PQ+QvoHSnZQ=M5kM
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce