-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.14.0 security update Advisory ID: RHSA-2021:1338-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2021:1338 Issue date: 2021-04-22 CVE Names: CVE-2021-3114 CVE-2021-3115 CVE-2021-3449 CVE-2021-3450 CVE-2021-20305 ===================================================================== 1. Summary: Release of OpenShift Serverless 1.14.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Serverless 1.14.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) * golang: cmd/go: packages using cgo can cause arbitrary code execution at build time (CVE-2021-3115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time 1935897 - Release of OpenShift Serverless Serving 1.14.0 1935898 - Release of OpenShift Serverless Eventing 1.14.0 5. References: https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3115 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYIHLCtzjgjWX9erEAQjPLg/9Gc50P8EDERriS4fj20MoBk3+LYDBcuCA 7GDOkY58KlcTQ4F/yBi1T3vEzrn07aQkOS3N2hjLWqc5m+qzUQeEA8IO71sMZg27 Q9nH4kBaRdVMwZTJ0ZadErgrdYhubLTPXiMk6PZzxnWn4GIvKW7cdvnGS0jZUE/r WAwzqccLdvAamb9j35Ch+6OQYI5Q2/8Gzz9ruPrdSGbgwvLntkvkPJrUFQ4vKHii R/VB6ZSKDxwAirqKgfNpm2uwH594IorWNgQ9tLbW3qSDWGhj/XaN1UcuCcZnXhd6 vr9jmUhsluhPdSSx3cnwAXNXj6MN+RGr/YjQ8GV0XEOamkZhw9fCahdvJhAWf2C3 40vU2X01rT2piOCdIekx4LrGpnotddEGR30eJhpo5yDehHjhcQ+fif9a3Dk7ybdo 2yTprANKIiQQv0PytB4LHp0aVsL2qC6uxZBZOvmk9BnFOC/Rxl5UjNJ1MEqXjmw1 ElPUbk37euf3vwMk8Xm4yHb4vVa5J03c1E8AvxSN8l95H7I/XWDFcBNuSU5QAYm/ Ak9t8FV4GKT+8crIpXRbnR8AGXnbT1nut0fNLU5h+aCIOJA6dge04UliFHFW1MIp 6M0o9gZ5oTOXpwvVqK5GvfC8r9x+rinJ0COVoCPaD/z5G/rCMiuoVbwkYwwxqKNl QF+X9ZbFZvg= =htxs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce