Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Release of OpenShift Serverless 1.14.1
security update
Advisory ID: RHSA-2021:2093-01
Product: Red Hat OpenShift Serverless
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2093
Issue date: 2021-05-24
CVE Names: CVE-2021-3114 CVE-2021-3115
=====================================================================
1. Summary:
An update for
openshift-serverless-1-kn-cli-artifacts-rhel8-container,
openshift-serverless-1-knative-rhel8-operator-container, and
openshift-serverless-1-serverless-operator-bundle-container is
now
available for Openshift Serveless 1.14.
Red Hat Product Security has rated this update as having a
security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which
gives a detailed severity rating, is available for each
vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift Serverless 1.14.1 is a generally available
release of the
OpenShift Serverless Operator. This version of the OpenShift
Serverless
Operator is supported on Red Hat OpenShift Container Platform
versions 4.6
and 4.7, and includes security and bug fixes and enhancements. For
more
information, see the documentation listed in the References
section.
Security Fix(es):
* golang: crypto/elliptic: incorrect operations on the P-224
curve
(CVE-2021-3114)
* golang: cmd/go: packages using cgo can cause arbitrary code
execution at
build time (CVE-2021-3115)
For more details about the security issue(s), including the
impact, a CVSS
score, acknowledgments, and other related information, refer to the
CVE
page(s) listed in the References section.
3. Solution:
See the Red Hat OpenShift Container Platform 4.6 documentation
at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.6/html/serverless/index
See the Red Hat OpenShift Container Platform 4.7 documentation
at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/
4.7/html/serverless/index
4. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect
operations on the P-224 curve
1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can
cause arbitrary code execution at build time
5. References:
https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3115
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index
6. Contact:
The Red Hat security contact is <
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYKulBtzjgjWX9erEAQjm/hAAlFWbvMzsbylfgz8oXCZ5BBNoUDCNDRFB
AVu5C41w03Mi8pdur/xiGE1Vj64Hd/ldcbIgpqTqPyAVWV33/YRdN/Rt6y4LIqDm
Dcp0YH8ADA7CMicXZEo2VZyoIm9F2f1NpX7zNF3AWJ6hqUEdabPKZTVj12XK+uNw
spD6PhTlskKDImSIuM8oZvEPiVTlSNrOxVyN21m70NsLOb4fLJI3OLKaj/N3oJ9Z
8mJnPvgkketwshSgsAmXowMmWJ+/3FCBctvZyR9iPpY0l4dpItsNonHYOP5Qzhpr
8/J+atCEMgK3WXJxgZ+aq5osPgI7pIqfoVBy3iv87YjMoEAUX0/y5JCHhzhq13mC
LtF3LLSVb7BQzMZuPJmGN3sjG5Ep7LDyl030TuAb/phpggucJ3ZAzrB77mMK5+il
AaaW/v4wtWdcXMCezz8dQr2iWrHd2zdSf94UgOgSHXvw0RluXhFalqJKhtzQ2q+V
6ykKF4LOCPf7Cl0BD1SOi5KuAj2CK22rf4SLq5EvZ02JJPieYQQxiKnJ53Ucfo1b
sH8q59wpM9UjktBWs8GK1iPdfcfVyuCF61bCgH/AZHv1m+7NeFSmjPSkO5vWFwhE
6r28oEn2zyOJNjhI4cPlyuN1JckgGJhTkyF8YtHxiSSgE2gM2kl2oXOPmeFWmabO
btflHE/tbT4=
=9XfM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Read more https://packetstormsecurity.com/files/162755/RHSA-2021-2093-01.txt
