RHSA-2022:8938-01: Low: Release of OpenShift Serverless 1.26.0

Red Hat 8999 Published by

An OpenShift Serverless 1.26.0 update has been released.



RHSA-2022:8938-01: Low: Release of OpenShift Serverless 1.26.0



=====================================================================
Red Hat Security Advisory

Synopsis: Low: Release of OpenShift Serverless 1.26.0
Advisory ID: RHSA-2022:8938-01
Product: RHOSS
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:8938
Issue date: 2022-12-13
CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527
CVE-2021-43565 CVE-2022-1304 CVE-2022-2509
CVE-2022-3515 CVE-2022-21618 CVE-2022-21619
CVE-2022-21624 CVE-2022-21626 CVE-2022-21628
CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
CVE-2022-22662 CVE-2022-26700 CVE-2022-26709
CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
CVE-2022-26719 CVE-2022-27191 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406 CVE-2022-30293
CVE-2022-37434 CVE-2022-39399
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.26.0
The References section contains CVE links providing detailed severity
ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.

2. Description:

Version 1.26.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, and 4.11.

This release includes security and bug fixes, and enhancements.
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)

For more details about the security issues, including the impact; a CVSS
score;
acknowledgments; and other related information refer to the CVE pages
linked in
the References section.

3. Solution:

See the Red Hat OpenShift Container Platform 4.8 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
See the Red Hat OpenShift Container Platform 4.9 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
See the Red Hat OpenShift Container Platform 4.10 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
See the Red Hat OpenShift Container Platform 4.11 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

4. Bugs fixed (  https://bugzilla.redhat.com/):

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2142799 - Release of OpenShift Serverless Serving 1.26.0
2142801 - Release of OpenShift Serverless Eventing 1.26.0

5. References:

  https://access.redhat.com/security/cve/CVE-2016-3709
  https://access.redhat.com/security/cve/CVE-2020-35525
  https://access.redhat.com/security/cve/CVE-2020-35527
  https://access.redhat.com/security/cve/CVE-2021-43565
  https://access.redhat.com/security/cve/CVE-2022-1304
  https://access.redhat.com/security/cve/CVE-2022-2509
  https://access.redhat.com/security/cve/CVE-2022-3515
  https://access.redhat.com/security/cve/CVE-2022-21618
  https://access.redhat.com/security/cve/CVE-2022-21619
  https://access.redhat.com/security/cve/CVE-2022-21624
  https://access.redhat.com/security/cve/CVE-2022-21626
  https://access.redhat.com/security/cve/CVE-2022-21628
  https://access.redhat.com/security/cve/CVE-2022-22624
  https://access.redhat.com/security/cve/CVE-2022-22628
  https://access.redhat.com/security/cve/CVE-2022-22629
  https://access.redhat.com/security/cve/CVE-2022-22662
  https://access.redhat.com/security/cve/CVE-2022-26700
  https://access.redhat.com/security/cve/CVE-2022-26709
  https://access.redhat.com/security/cve/CVE-2022-26710
  https://access.redhat.com/security/cve/CVE-2022-26716
  https://access.redhat.com/security/cve/CVE-2022-26717
  https://access.redhat.com/security/cve/CVE-2022-26719
  https://access.redhat.com/security/cve/CVE-2022-27191
  https://access.redhat.com/security/cve/CVE-2022-27404
  https://access.redhat.com/security/cve/CVE-2022-27405
  https://access.redhat.com/security/cve/CVE-2022-27406
  https://access.redhat.com/security/cve/CVE-2022-30293
  https://access.redhat.com/security/cve/CVE-2022-37434
  https://access.redhat.com/security/cve/CVE-2022-39399
  https://access.redhat.com/security/updates/classification/#low
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Kdenlive 22.12 released

USN-5774-1: Linux kernel (Azure) vulnerabilities

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...