
An OpenShift Serverless 1.16.0 security update has been released.

RHSA-2021:2705-01: Moderate: Release of OpenShift Serverless 1.16.0

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of OpenShift Serverless 1.16.0
Advisory ID: RHSA-2021:2705-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2705
Issue date: 2021-07-13
CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708
CVE-2019-3842 CVE-2019-9169 CVE-2019-25013
CVE-2020-8231 CVE-2020-8284 CVE-2020-8285
CVE-2020-8286 CVE-2020-8927 CVE-2020-13434
CVE-2020-13776 CVE-2020-15358 CVE-2020-24977
CVE-2020-27618 CVE-2020-28196 CVE-2020-29361
CVE-2020-29362 CVE-2020-29363 CVE-2021-3326
CVE-2021-27219 CVE-2021-27918 CVE-2021-31525
CVE-2021-33196
=====================================================================

1. Summary:

Release of OpenShift Serverless 1.16.0

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

This advisory covers the Red Hat OpenShift Serverless 1.16.0 release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform versions 4.6 and
4.7, and includes security fixes, bug fixes, and enhancements. For more
information, see the documentation listed in the References section.

Security Fix(es):

* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a
custom TokenReader (CVE-2021-27918)

* golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header (CVE-2021-31525)

* golang: archive/zip: malformed archive may cause panic or memory
exhaustion (CVE-2021-33196)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
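All three fixes above are in Go standard-library parsers that were fed attacker-controlled input. The fix is to update to the patched release; an application-level defence that reduces exposure to this class of bug is to bound untrusted input before it reaches the parser. The following Go program is an added example written for this page, not code from the advisory or from OpenShift Serverless: it wraps archive/zip (the CVE-2021-33196 surface) with caps on archive size, entry count and total inflated bytes, verifying sizes by reading rather than trusting the header. The limit constants, the InspectArchive name and the sample archive are assumptions constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

// Limits applied before untrusted archive data reaches archive/zip.
// These values are illustrative assumptions, not from the advisory.
const (
	maxArchiveBytes = 1 << 20 // refuse archives larger than 1 MiB on disk
	maxEntries      = 100     // refuse archives declaring more entries than this
	maxUncompressed = 4 << 20 // total bytes we are willing to inflate
)

// ErrLimit is returned when an archive exceeds one of the caps above.
var ErrLimit = errors.New("archive exceeds configured limit")

// InspectArchive parses data as a zip file under the limits above and returns
// the name and verified uncompressed size of each entry. It never inflates
// more than maxUncompressed bytes in total, so an oversized or hostile archive
// is rejected before it can consume significant memory.
func InspectArchive(data []byte) (map[string]int64, error) {
	if int64(len(data)) > maxArchiveBytes {
		return nil, fmt.Errorf("%w: archive is %d bytes", ErrLimit, len(data))
	}
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err // malformed archive: reject, do not try to repair
	}
	if len(zr.File) > maxEntries {
		return nil, fmt.Errorf("%w: %d entries", ErrLimit, len(zr.File))
	}
	sizes := make(map[string]int64, len(zr.File))
	budget := int64(maxUncompressed)
	for _, f := range zr.File {
		// Header fields such as UncompressedSize64 are attacker-controlled,
		// so the size is established by reading under a hard limit instead.
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		// Read at most budget+1 bytes: one byte over the budget is enough to
		// prove the entry does not fit, without inflating the rest.
		n, err := io.Copy(io.Discard, io.LimitReader(rc, budget+1))
		rc.Close()
		if err != nil {
			return nil, err
		}
		if n > budget {
			return nil, fmt.Errorf("%w: uncompressed data over %d bytes", ErrLimit, maxUncompressed)
		}
		budget -= n
		sizes[f.Name] = n
	}
	return sizes, nil
}

// buildArchive constructs a small in-memory zip used as constructed sample
// input; entries are written with the default deflate compression.
func buildArchive(entries map[string][]byte) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, body := range entries {
		w, _ := zw.Create(name)
		w.Write(body)
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	// A benign archive is inspected normally.
	ok := buildArchive(map[string][]byte{"config.yaml": []byte("replicas: 2\n")})
	fmt.Println(InspectArchive(ok))
	// 5 MiB of zeros deflates to a few KiB, so it passes the on-disk cap but
	// trips the inflation budget while reading.
	big := buildArchive(map[string][]byte{"zeros.bin": make([]byte, 5<<20)})
	fmt.Println(InspectArchive(big))
}
```

The same idea applies to the net/http item: on the server side http.Server already exposes MaxHeaderBytes for bounding request headers, and any client code that reads untrusted responses should wrap the body in an io.LimitReader. Bounding input narrows the blast radius of a parser bug; it does not substitute for applying the update in this advisory.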

3. Solution:

See the Red Hat OpenShift Container Platform 4.6 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

See the Red Hat OpenShift Container Platform 4.7 documentation at:
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

4. Bugs fixed (https://bugzilla.redhat.com/):

1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader
1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion
1971445 - Release of OpenShift Serverless Serving 1.16.0
1971448 - Release of OpenShift Serverless Eventing 1.16.0

5. References:

  https://access.redhat.com/security/cve/CVE-2016-10228
  https://access.redhat.com/security/cve/CVE-2017-14502
  https://access.redhat.com/security/cve/CVE-2019-2708
  https://access.redhat.com/security/cve/CVE-2019-3842
  https://access.redhat.com/security/cve/CVE-2019-9169
  https://access.redhat.com/security/cve/CVE-2019-25013
  https://access.redhat.com/security/cve/CVE-2020-8231
  https://access.redhat.com/security/cve/CVE-2020-8284
  https://access.redhat.com/security/cve/CVE-2020-8285
  https://access.redhat.com/security/cve/CVE-2020-8286
  https://access.redhat.com/security/cve/CVE-2020-8927
  https://access.redhat.com/security/cve/CVE-2020-13434
  https://access.redhat.com/security/cve/CVE-2020-13776
  https://access.redhat.com/security/cve/CVE-2020-15358
  https://access.redhat.com/security/cve/CVE-2020-24977
  https://access.redhat.com/security/cve/CVE-2020-27618
  https://access.redhat.com/security/cve/CVE-2020-28196
  https://access.redhat.com/security/cve/CVE-2020-29361
  https://access.redhat.com/security/cve/CVE-2020-29362
  https://access.redhat.com/security/cve/CVE-2020-29363
  https://access.redhat.com/security/cve/CVE-2021-3326
  https://access.redhat.com/security/cve/CVE-2021-27219
  https://access.redhat.com/security/cve/CVE-2021-27918
  https://access.redhat.com/security/cve/CVE-2021-31525
  https://access.redhat.com/security/cve/CVE-2021-33196
  https://access.redhat.com/security/updates/classification/#moderate
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
  https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.