Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Release of OpenShift Serverless 1.20.0

Related Vulnerabilities: CVE-2019-5827   CVE-2019-13750   CVE-2019-13751   CVE-2019-17594   CVE-2019-17595   CVE-2019-18218   CVE-2019-19603   CVE-2019-20838   CVE-2020-12762   CVE-2020-13435   CVE-2020-14155   CVE-2020-16135   CVE-2020-24370   CVE-2021-3200   CVE-2021-3445   CVE-2021-3580   CVE-2021-3712   CVE-2021-3800   CVE-2021-20231   CVE-2021-20232   CVE-2021-20266   CVE-2021-22876   CVE-2021-22898   CVE-2021-22925   CVE-2021-27645   CVE-2021-28153   CVE-2021-29923   CVE-2021-33560   CVE-2021-33574   CVE-2021-35942   CVE-2021-36084   CVE-2021-36085   CVE-2021-36086   CVE-2021-36087   CVE-2021-38297   CVE-2021-39293   CVE-2021-42574  

Source

Synopsis

Moderate: Release of OpenShift Serverless 1.20.0

Type/Severity

Security Advisory: Moderate

Topic

Release of OpenShift Serverless 1.20.0

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.

Security Fix(es):

  • golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
  • golang: Command-line arguments may overwrite global data (CVE-2021-38297)
  • golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Affected Products

  • Red Hat Openshift Serverless 1 x86_64

Fixes

  • BZ - 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
  • BZ - 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
  • BZ - 2012887 - CVE-2021-38297 golang: Command-line arguments may overwrite global data
  • BZ - 2024838 - Release of OpenShift Serverless Eventing 1.20.0
  • BZ - 2024839 - Release of OpenShift Serverless Serving 1.20.0

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started