Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Release of openshift-serverless-clients kn 1.33.0
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Release of openshift-serverless-clients kn 1.33.0
ID: RHSA-2024:4023
Distribution: Red Hat
Plattformen: Red Hat Openshift Serverless 1 on RHEL 8Base
Datum: Fr, 21. Juni 2024, 07:09
Referenzen: https://access.redhat.com/security/cve/CVE-2024-24784
https://access.redhat.com/security/cve/CVE-2024-24785
https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1
https://access.redhat.com/security/cve/CVE-2023-45289
https://access.redhat.com/security/cve/CVE-2023-45288
https://access.redhat.com/security/cve/CVE-2023-45290
https://bugzilla.redhat.com/show_bug.cgi?id=2277862
https://bugzilla.redhat.com/show_bug.cgi?id=2268017
https://bugzilla.redhat.com/show_bug.cgi?id=2268022
https://access.redhat.com/security/cve/CVE-2024-24783
https://access.redhat.com/errata/RHSA-2024:4023
https://bugzilla.redhat.com/show_bug.cgi?id=2268019
https://bugzilla.redhat.com/show_bug.cgi?id=2268018
https://bugzilla.redhat.com/show_bug.cgi?id=2268021
https://bugzilla.redhat.com/show_bug.cgi?id=2268273
Applikationen: Release of openshift-serverless-clients kn 1.33.0

Originalnachricht

Red Hat openshift-serverless-clients kn 1.33.0 is now available.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with
Red Hat OpenShift Serverless 1.33.0. The kn CLI is delivered as an RPM package
for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security, bug fixes, and enhancements.

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes
DoS (CVE-2023-45288)
* golang: html/template: errors returned from MarshalJSON methods may break
template escaping (CVE-2024-24785)
* golang: net/mail: comments in display names are incorrectly handled
(CVE-2024-24784)
* golang: crypto/x509: Verify panics on certificates with an unknown public key
algorithm (CVE-2024-24783)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and
cookies on HTTP redirect (CVE-2023-45289)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

A Red Hat Security Bulletin, which addresses further details about the Rapid
Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-45288: Uncontrolled Resource Consumption (CWE-400)
CVE-2023-45289: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2023-45290: Improper Input Validation (CWE-20)
CVE-2024-24783: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-24784: Misinterpretation of Input (CWE-115)
CVE-2024-24785: Improper Neutralization of Special Elements in Output Used by a
Downstream Component ('Injection') (CWE-74)
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung