Moderate: Release of OpenShift Serverless 1.11.0

Synopsis

Moderate: Release of OpenShift Serverless 1.11.0

Type/Severity

Security Advisory: Moderate

Topic

Release of OpenShift Serverless 1.11.0

Description

Red Hat OpenShift Serverless 1.11.0 is a generally available release of the
OpenShift Serverless Operator. This version of the OpenShift Serverless
Operator is supported on Red Hat OpenShift Container Platform version 4.6.

Security Fix(es):

• golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
  

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, see the CVE page(s) listed in the
References section.

Solution

See the documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index

Affected Products

• Red Hat Openshift Serverless 1 x86_64

Fixes

• BZ - 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
• BZ - 1889831 - Release of OpenShift Serverless Serving 1.11.0
• BZ - 1889833 - Release of OpenShift Serverless Eventing 1.11.0

CVEs

• CVE-2018-20843
• CVE-2019-1551
• CVE-2019-5018
• CVE-2019-13050
• CVE-2019-13627
• CVE-2019-14889
• CVE-2019-15903
• CVE-2019-16168
• CVE-2019-16935
• CVE-2019-19221
• CVE-2019-19906
• CVE-2019-19956
• CVE-2019-20218
• CVE-2019-20387
• CVE-2019-20388
• CVE-2019-20454
• CVE-2019-20907
• CVE-2019-20916
• CVE-2020-1730
• CVE-2020-1751
• CVE-2020-1752
• CVE-2020-6405
• CVE-2020-7595
• CVE-2020-8177
• CVE-2020-8492
• CVE-2020-9327
• CVE-2020-10029
• CVE-2020-13630
• CVE-2020-13631
• CVE-2020-13632
• CVE-2020-14040
• CVE-2020-14422

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index