-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.27.1 Advisory ID: RHSA-2023:1181-01 Product: RHOSS Advisory URL: https://access.redhat.com/errata/RHSA-2023:1181 Issue date: 2023-03-09 CVE Names: CVE-2021-46848 CVE-2022-4415 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-41717 CVE-2022-47629 CVE-2022-48303 ==================================================================== 1. Summary: OpenShift Serverless version 1.27.1 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. 2. Description: Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements. Security Fixes in this release include: - - golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests(CVE-2022-41717) For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section. 3. Solution: See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index See the Red Hat OpenShift Container Platform 4.12 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. References: https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZApNndzjgjWX9erEAQgx3A//XC7IvjWnzDjQt53reCH5H/v1zyHJf6Rs KN4XuZW4p8lc6ZpKN8X78qHDkTKxemf+6odV2GiglJUSelCGys4+3C/F25glcrHj +LlIdW7GTFverx0cRcEMND/w0pAKJyrSI0WlehwIb8D41oeaJpSOHaRt8TxcWb5g p+pPk3k5lYvOjLrHNq14MIOeFg5Bl5Mif4zojDEbF6Rtu/F0PJGYgtlwqM3+dqi+ qrbk24718H0HcnUEJlN1Bt2eur6w6kbziJkKnttMbZOUACb4Vvl2uRKr2Gw3jmgn vtlfGWyip2um22ivWgefk/vLs4v7gB4bZvBHXfCruTPASnhnB/gq/qKDFx6vfUmr h8r8Gq5Du7o73jZAGRqqoKSrGF7trTOub5wRg/HsdKXES7+lX/oV9ZMG3FNFvawB jiRm+8z8wfZpRLqlREyghCGlW9ndnp5UwlczeBeHx08UgH2lRMEZ5Ysmeh9Gcq9U rBNNMgmUaDEaPAmA9R4vYeZ79HteNyPTxQEmsI6m7RC68hg/1Ufolc7FuhYJnvBy tfHwn3SBOAyph/W+H6Y43eOCJj0bAm/TY3EskqcW0jfUcilAoz3Rjckkei5l6odF a72Qu0O6R+N8a+TDqN1w3b9vac3PLGPEEi0T72xhjKgQn3JjqkN+/btqiTlVVApW 5uF0KKJGYLM=Ytdh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce