Issued:: 2021-01-11
Updated:: 2021-01-11

RHSA-2021:0072 - Moderate: OpenShift Serverless 1.9.0 release and security update

Synopsis

Moderate: OpenShift Serverless 1.9.0 release and security update

Type/Severity

Security Advisory Moderate

Topic

OpenShift Serverless 1.9.0 release and security update is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Serverless 1.9.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5.

Security Fix(es):

golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

See the documentation at: This content is not included.https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index

Affected Products

Product	Version	Arch
Red Hat Openshift Serverless	1	x86_64

Fixes

CVEs

References

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.