- Issued:
- 2024-02-15
- Updated:
- 2024-02-15
RHSA-2024:0843 - Critical: Release of OpenShift Serverless 1.31.1
Synopsis
Critical: Release of OpenShift Serverless 1.31.1
Type/Severity
Security Advisory Critical
Topic
Red Hat OpenShift Serverless version 1.31.1 is now available.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Version 1.31.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.11, 4.12, 4.13 and 4.14
This release includes security, bug fixes, and enhancements.
Security Fix(es):
- go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
- go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
- ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
- logback: A serialization vulnerability in logback receiver (CVE-2023-6481)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Solution
See the Red Hat OpenShift serverless 1.31 documentation at: https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Openshift Serverless | 1 | x86_64 |
| Red Hat OpenShift Serverless for IBM Z and LinuxONE | 1 | s390x |
| Red Hat OpenShift Serverless for IBM Power, little endian | 1 | ppc64le |
Fixes
- This content is not included.BZ - 2252956
- This content is not included.BZ - 2253330
- This content is not included.BZ - 2254210
- This content is not included.BZ - 2258143
- This content is not included.BZ - 2258165
CVEs
- CVE-2021-3468
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-5388
- CVE-2023-5678
- CVE-2023-5981
- CVE-2023-6481
- CVE-2023-7104
- CVE-2023-27043
- CVE-2023-38469
- CVE-2023-38470
- CVE-2023-38471
- CVE-2023-38472
- CVE-2023-38473
- CVE-2023-39326
- CVE-2023-39615
- CVE-2023-48795
- CVE-2023-49568
- CVE-2023-49569
- CVE-2024-0553
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20932
- CVE-2024-20945
- CVE-2024-20952
References
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.