Red Hat Product Errata RHSA-2021:2021 - Security Advisory
Issued:
2021-05-19
Updated:
2021-05-19

RHSA-2021:2021 - Security Advisory

Synopsis

Moderate: Release of OpenShift Serverless 1.10.2 security update

Type/Severity

Security Advisory: Moderate

Topic

Openshift Serverless 1.10.2 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Serverless 1.10.2 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5.

Security Fix(es):

  • golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
  • golang: cmd/go: packages using cgo can cause arbitrary code execution at build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Openshift Serverless 1 for RHEL 8 x86_64

Fixes

  • BZ - 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
  • BZ - 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.