-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.14.1 security update Advisory ID: RHSA-2021:2093-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2021:2093 Issue date: 2021-05-24 CVE Names: CVE-2021-3114 CVE-2021-3115 ===================================================================== 1. Summary: An update for openshift-serverless-1-kn-cli-artifacts-rhel8-container, openshift-serverless-1-knative-rhel8-operator-container, and openshift-serverless-1-serverless-operator-bundle-container is now available for Openshift Serveless 1.14. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Serverless 1.14.1 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and 4.7, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) * golang: cmd/go: packages using cgo can cause arbitrary code execution at build time (CVE-2021-3115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time 5. References: https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3115 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKulBtzjgjWX9erEAQjm/hAAlFWbvMzsbylfgz8oXCZ5BBNoUDCNDRFB AVu5C41w03Mi8pdur/xiGE1Vj64Hd/ldcbIgpqTqPyAVWV33/YRdN/Rt6y4LIqDm Dcp0YH8ADA7CMicXZEo2VZyoIm9F2f1NpX7zNF3AWJ6hqUEdabPKZTVj12XK+uNw spD6PhTlskKDImSIuM8oZvEPiVTlSNrOxVyN21m70NsLOb4fLJI3OLKaj/N3oJ9Z 8mJnPvgkketwshSgsAmXowMmWJ+/3FCBctvZyR9iPpY0l4dpItsNonHYOP5Qzhpr 8/J+atCEMgK3WXJxgZ+aq5osPgI7pIqfoVBy3iv87YjMoEAUX0/y5JCHhzhq13mC LtF3LLSVb7BQzMZuPJmGN3sjG5Ep7LDyl030TuAb/phpggucJ3ZAzrB77mMK5+il AaaW/v4wtWdcXMCezz8dQr2iWrHd2zdSf94UgOgSHXvw0RluXhFalqJKhtzQ2q+V 6ykKF4LOCPf7Cl0BD1SOi5KuAj2CK22rf4SLq5EvZ02JJPieYQQxiKnJ53Ucfo1b sH8q59wpM9UjktBWs8GK1iPdfcfVyuCF61bCgH/AZHv1m+7NeFSmjPSkO5vWFwhE 6r28oEn2zyOJNjhI4cPlyuN1JckgGJhTkyF8YtHxiSSgE2gM2kl2oXOPmeFWmabO btflHE/tbT4= =9XfM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce