-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Release of OpenShift Serverless 1.19.0 Advisory ID: RHSA-2021:4766-01 Product: Red Hat OpenShift Serverless Advisory URL: https://access.redhat.com/errata/RHSA-2021:4766 Issue date: 2021-11-23 CVE Names: CVE-2021-3733 CVE-2021-22946 CVE-2021-22947 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36221 ===================================================================== 1. Summary: Release of OpenShift Serverless 1.19.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Serverless release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Security Fix(es): * golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index See the Red Hat OpenShift Container Platform 4.9 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2016256 - Release of OpenShift Serverless Eventing 1.19.0 2016258 - Release of OpenShift Serverless Serving 1.19.0 5. References: https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYZz9ndzjgjWX9erEAQjcxw//ThWLuR04rJhSDaIii743ZOuIzEXW2qlN w9BzSoC5LzFMokZE2xLROmcz1cMfYjxU588REdP/1/42iSub7gt8+Defam00Uagw Dm2SA5Je3mT/O44Cfzvg/YCnAlAiZKQA6XIx+whlfKtRphB+PvxV0Za15PPoiM/V YEmV41DXlKkGlRLlOTmJ5ELn7mN4r8BmH3fg8Gp6pGtESOqSP5iW79vQzQBJdojK pdDEJWjRc2bfCTcXIgR6lry2paSyECkL/3KTgNmMeLE+kRvhPL/fC1TGGIzkygKv LN9ychyhRMfD1TFyIBYQmVRfTaoAvUaCa/zoGBRRZfyXG7q3ig4xBDNUiJtDU5KJ pXnlIQcHwYCRkqxpyX1KlAaAIri6rUIsk3kOz+NBf51BQtwg8yprjZXdNWNgJrDU gzEK0cZAII9/xD0DhBMcYJnmejZpqTnR1O/eaUHQpjyVi1mbekf4YPcz2hmbqUmp 5D4zOouBUxmBG4r7vnndvVEv059cVaglPxfv9YXHdf3o5hpcnzce1IDws2aS85HM R0aVYDlzWTeZBgXBIcuoxuug2J+1TddQCik8NL0eV1GEXyB/cMUEUDmvlS0+tChy cW0Lnq75vj5doRudAuBMOFIeJcNfHlXkXOcMRa9dRitnYjtP40tosW3Nbf2jKusT VuCeUO89CXk= =T3Li -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce