-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Release of OpenShift Serverless Version 1.22.0 Advisory ID: RHSA-2022:1747-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2022:1747 Issue date: 2022-05-09 CVE Names: CVE-2018-25032 CVE-2021-3999 CVE-2021-23177 CVE-2021-31566 CVE-2021-41771 CVE-2021-41772 CVE-2021-45960 CVE-2021-46143 CVE-2022-0778 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary: OpenShift Serverless version 1.22.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. 2. Description: Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. This release includes security and bug fixes and enhancements. For more information, see the documentation linked in the Solution section. Security Fixes in this release include: * golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772) * golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section. 3. Solution: For details about the Security fixes, see these Red Hat OpenShift Container Platform documentation: * Red Hat OpenShift Container Platform 4.6: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * Red Hat OpenShift Container Platform 4.7: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * Red Hat OpenShift Container Platform 4.8: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * Red Hat OpenShift Container Platform 4.9: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * Red Hat OpenShift Container Platform 4.10: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnnnQ9zjgjWX9erEAQic0Q//cW5IAvm8QzwixbMplWldv7uksp2XHcs7 KbpNwCCik3nmiNlfJHHQcyROFaBxksCM8DO4x50yRhFoi6BRYXdOwr8Q9Z19/EVb MeTjG7FHpn3PqyO98/1UH71TB1OIZq7i6Xw7GTWtm0W/zNmwQKFdjTmUvEtRGY9T R0Eg+oYQXo2AuW3sADH13lR3NP+DfgQCDqYaLldodSRVo2V24woQrj4ZZ5b4suTT gDe1XiELiayGRNO9/gMQyRUUcyj4BrWL4DQAXcfr2/txmxDr/PvWVL3IPpOJz9Rv CBPlGVuTb7GIwY/QUARiqQesKGb2DlR+iua8MGGyEhWmCtAdh9WPHYypZJKLMQzJ 0XoVRP9VOiNaU7foHY2r3fLk6niSpo7GNm6NdK7y1DklP3kXBd8xsLcNlm9DFwHl uPsrFkBeYVEDTWPSrp/P7tpwSh1ADct+zPiEttKM02tnOSNfHgKOf1oLdUmgsyXT h6YzSYsu94E1vqcsE0NYcT30Ly5tw+/PydDFHur4bQzBzxMIz8rZusaLwhBgD2nH RhWTMvW9xt1aMRgyBlVRBXLU+9WhhE//GyKxeryRUqkT5+i+JLI4pqp/8JkaSAxu yyBHDl/49lbzEdOrRS0qGmYwReFlzWlbDQlpxBzVx2/weac7zC8COiOBiiFbQ+iT wpa+OWoDOzwÏBR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce