Mehrere Probleme in OpenShift Serverless
ID: | RHSA-2021:0146-01 |
Distribution: | Red Hat |
Plattformen: | Red Hat OpenShift Serverless |
Datum: | Fr, 15. Januar 2021, 00:03 |
Referenzen: | https://access.redhat.com/security/cve/CVE-2020-1730
https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2020-28366 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2020-28367 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-24553 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2020-24659 |
Applikationen: | OpenShift Serverless |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.12.0 Advisory ID: RHSA-2021:0146-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2021:0146 Issue date: 2021-01-14 CVE Names: CVE-2018-20843 CVE-2019-5018 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-16168 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-6405 CVE-2020-7595 CVE-2020-9327 CVE-2020-10029 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-24553 CVE-2020-24659 CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 ===================================================================== 1. Summary: Release of OpenShift Serverless 1.12.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. 2. Description: Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366) * golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367) For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. 3. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-24553 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-28366 https://access.redhat.com/security/cve/CVE-2020-28367 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index 6. Contact: The Red Hat security contact is |