====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Release of OpenShift Serverless Client kn 1.27.0
Advisory ID:       RHSA-2023:0708-01
Product:           RHOSS
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0708
Issue date:        2023-02-09
CVE Names:         CVE-2022-2879 CVE-2022-2880 CVE-2022-27664 CVE-2022-41715
====================================================================

1. Summary:

Release of OpenShift Serverless Client kn 1.27.0

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Relevant releases/architectures:

Openshift Serverless 1 on RHEL 8Base - ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact
with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM
package for installation on RHEL platforms, and as binaries for non-Linux
platforms.

Security Fix(es):

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* golang: archive/tar: unbounded memory consumption when reading headers
(CVE-2022-2879)

For more details about the security issue(s), including the impact; a CVSS
score; acknowledgments; and other related information refer to the CVE
page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2154756 - Release of Openshift Serverless Client 1.27.0

6. Package List:

Openshift Serverless 1 on RHEL 8Base:

Source:
openshift-serverless-clients-1.6.1-1.el8.src.rpm

ppc64le:
openshift-serverless-clients-1.6.1-1.el8.ppc64le.rpm

s390x:
openshift-serverless-clients-1.6.1-1.el8.s390x.rpm

x86_64:
openshift-serverless-clients-1.6.1-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce