Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: Release of OpenShift Serverless Version 1.22.1

Related Vulnerabilities: CVE-2018-25032   CVE-2021-3634   CVE-2021-3737   CVE-2021-4189   CVE-2022-23772   CVE-2022-23773   CVE-2022-23806  

Source

Synopsis

Moderate: Release of OpenShift Serverless Version 1.22.1

Type/Severity

Security Advisory: Moderate

Topic

OpenShift Serverless version 1.22.1 contains a moderate security impact.

The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.

Description

Version 1.22.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

  • golang: crypto/elliptic IsOnCurve returns true for invalid field elements(CVE-2022-23806)
  • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control(CVE-2022-23773)
  • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section.

Solution

See the Red Hat OpenShift Container Platform 4.6 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Affected Products

  • Red Hat Openshift Serverless 1 x86_64

Fixes

  • BZ - 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
  • BZ - 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
  • BZ - 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
  • SRVKE-1217 - New KafkaSource implementation does not default to PLAIN for SASL

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started