- Issued:
- 2023-03-09
- Updated:
- 2023-03-09
RHSA-2023:1181 - Security Advisory
Synopsis
Moderate: Release of OpenShift Serverless 1.27.1
Type/Severity
Security Advisory: Moderate
Topic
OpenShift Serverless version 1.27.1 contains a moderate security impact.
The References section contains CVE links providing detailed severity ratings
for each vulnerability. Ratings are based on a Common Vulnerability Scoring
System (CVSS) base score.
Description
Version 1.27.1 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12.
This release includes security and bug fixes, and enhancements.
Security Fixes in this release include:
- golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests(CVE-2022-41717)
For more details about the security issues, including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE pages linked in the References section.
Solution
See the Red Hat OpenShift Container Platform 4.9 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index See the Red Hat OpenShift Container Platform 4.10 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index See the Red Hat OpenShift Container Platform 4.11 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index See the Red Hat OpenShift Container Platform 4.12 documentation at:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index
Affected Products
- Red Hat Openshift Serverless 1 x86_64
Fixes
- BZ - 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
CVEs
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.11/html/serverless/index
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/serverless/index
ppc64le
| openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:6c60257df788dc2d94f5f2d6b68267ce9ef836174f729923c07a3b4cf2892fb4 |
| openshift-serverless-1/client-kn-rhel8@sha256:911aa00fda2474f1a83e27fae65c349630c625571aefbf69fce57b864e36b164 |
| openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:cf4eeb5f91e3acca5caf07ee81ac07d40c55f040f3a926076bafbb0eae87d3f5 |
| openshift-serverless-1/eventing-controller-rhel8@sha256:08fb54ed718defbc681f9effaa5cbc6b56d96f45777e7c4f7b78fcfea0b2dda9 |
| openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:59d8885f31713f602ec5b3ef315df52629dae1f4caab145e9e1781462fcc69d4 |
| openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:0f27f334a6cc633f39b3738702cda682e3c25ebc17acc6accf15bc1868dfa084 |
| openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:05ca44d8ecda9923be00c34f0828b9009911de1f63c05f2e7fb02fd9c0723b94 |
| openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:5a349d3547164e6d547c3d6fae4fb28f2943a25293bb83d069347713aa665229 |
| openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:4f3d293f208032173c898ed6a527265f89f1490be3862f32e2f3271bd0f15c6a |
| openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:5388048a86d2dc92610dcfc881b51f51dbd68084b9033dd50b2d03574bfa4e97 |
| openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:2858f2e42d4ea07a13cfc812d88ed6027dbf3bac7448c40774b53ba51b41ccaf |
| openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:c9617e379366b951713307a4997859e186947b63c4f95216e12742be6fbf46b8 |
| openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:e04b988985c7421f08a198f09eb37227a92090cdbe08785bc2d97bd4af7c0f76 |
| openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:123e25562e1e9ed0fba3c7f4cb180cd75366ec1423710f82c655327ca3163e53 |
| openshift-serverless-1/eventing-mtping-rhel8@sha256:6fdf8cd6badf82aa533a3cd60eae73c60a4a664a93a022d7726c666d82a509d4 |
| openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:c640454cdf389b498d547044f7e6bc3424290d25af5fcbe0e412177442a8aa07 |
| openshift-serverless-1/eventing-webhook-rhel8@sha256:fdcaf1fa3e39ba0c9202f6ac94965175245aafc8e1a0946e4faa61074152c252 |
| openshift-serverless-1/func-utils-rhel8@sha256:aed5ab696c239c92eed6341eafaf74f55ed0a6773cab2244d48664a655784a73 |
| openshift-serverless-1/ingress-rhel8-operator@sha256:ebf9ef585bb081bbcfe9c511899eb08aa1fe0eb587b2fbfcd0d8e1eee248abad |
| openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:2b1c564c323ef08ddce0eb253cfebda173b74182f418e505ffda57bd1fe12801 |
| openshift-serverless-1/knative-rhel8-operator@sha256:99f30bae7f82cb97002cab5a43e71fce3ec974949b9fdc68ce555a37b80633c1 |
| openshift-serverless-1/kourier-control-rhel8@sha256:419e793cd4c5df89431eeda1931cfce1c80203de28a2b04f890941d0537b161e |
| openshift-serverless-1/net-istio-controller-rhel8@sha256:4fc000e8920699f66957816db61f29ece87c8399d26347a4fda9016dad40b3f7 |
| openshift-serverless-1/net-istio-webhook-rhel8@sha256:1b82f9b7c56e37fff945cfc1b273d906200769d89bbc1eb8e347415b425c7574 |
| openshift-serverless-1/serverless-rhel8-operator@sha256:62c5ac7e333d15f60fdd5adee235a03f77d00ac8462cb90356271024f8ae4226 |
| openshift-serverless-1/serving-activator-rhel8@sha256:a82c1c3e53b205c01bd3a37ab0d78311022d1bc5691d15646f46f3e9d757446d |
| openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:b991332203fbcba8a5b9cefd4ae3eadb3bb150c9fc26c7c858d6a265d655ca45 |
| openshift-serverless-1/serving-autoscaler-rhel8@sha256:0867ec5c74765a9855fe1b913fc0e96a9c5a4a6cd4e24b7efbf3b4163c6be56b |
| openshift-serverless-1/serving-controller-rhel8@sha256:6b7696e866be959ab5ee9ac12eb361a5df6df7e9baa7adfeeed26c871404d0b3 |
| openshift-serverless-1/serving-domain-mapping-rhel8@sha256:9034a992a88bc1c5952b796efdec41182c72a099a6288b97bdd8eb055595f535 |
| openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:58756195ef9066434116029da58507ab8e9c5e3421975f5c69d6f8c05ee97265 |
| openshift-serverless-1/serving-queue-rhel8@sha256:b8223f1d120c9b7bed9dae145b7db70e861e3381ea04d089dc2e3317c800b9a4 |
| openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:37d315afe6cd75aa7296a07759eae8ddd992df4b36a2abaa02d61830439d9b71 |
| openshift-serverless-1/serving-webhook-rhel8@sha256:4cce7b3741635c340a2acc17f56857d54ca3d1a529ffcd19d0df1edeb07e08f0 |
| openshift-serverless-1/svls-must-gather-rhel8@sha256:fb0a7b07b8ad7a8b522a4f8f6d8c6ecc3299aeb14abeaabd9111cad9556b27b5 |
s390x
| openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:eccb55a70b66e7c27102b28bc07b80a15037837bf1f2f122c6d2efb8499bdeac |
| openshift-serverless-1/client-kn-rhel8@sha256:ac48a7428a93f159939e574b9eed11af2eae9199f0e31d4d198dc4c9589fc236 |
| openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:87a3cc7c1ab960e95c065d6d6d76de797bc458951d497134958982d0f4442a54 |
| openshift-serverless-1/eventing-controller-rhel8@sha256:5406d387f533f2c6d59081b91a84ffb8e15a03aece66999cb7260a57afe72cdf |
| openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:3560be4e8a509e28a76e2bffbd9834741356a26954e9977aa86f9c9f5dc386d2 |
| openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:e448dd94f78fcc673affed31cab9fc55212788ecce790aaca9737fcfdedb0891 |
| openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:655960565204ce77e5a397f117acc3eb4554eee09c7d93e002940a48bf1e74db |
| openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:17cc3f669d8edf22b74aa082d5cbdf41f05f88a4b06061485a7ab6cd78c0a36c |
| openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:03d385444cbb4ee86ea5ecc0e89de124c3fef939ce2a366f069241dafed920b2 |
| openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:4145c6887f1dbdc9fec9009409359ce1825d9b3a1dd943fa0d9cb61ca9b17884 |
| openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:32bc9227b84adf067041f8bcc3f32668efa7896b58429cdda60ebdae96c780f6 |
| openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:75292d4fddc327cd29cc8ab3bd35fa456abe367d4a35d338cdfe66c6515501e9 |
| openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:c7470047ca9fea07d9782ef9426b744dbfe749c6cefc96d301957a91630f156d |
| openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:e4ea60f11d7827ea403a668e4fd4b62d85d9d370b22f51024993860d71425103 |
| openshift-serverless-1/eventing-mtping-rhel8@sha256:5c0686aec474c0f4affa2c2283eceffb43ab46dace566919c145a372ee7fc921 |
| openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:6b19d205a6bf2bc610cfa73099d7f340096de60b0656dce49440088aefa156ad |
| openshift-serverless-1/eventing-webhook-rhel8@sha256:14e318f0ca5b300388a2cda20bbcadfad9f1d5affd106637a351734ff323208d |
| openshift-serverless-1/func-utils-rhel8@sha256:db91ffd46e639c5a3cbfee3830c2e6180ed1e79b084f810c9b7cd1395638bc6e |
| openshift-serverless-1/ingress-rhel8-operator@sha256:1a172e889654f68150ead4abf04ada4f62a1eae3efd2d72203a3b6e9630337a3 |
| openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:4036e94a36fda6b6e99e24bdfe8c65e6cf54c13b852188c9cc47f2e3f14e4675 |
| openshift-serverless-1/knative-rhel8-operator@sha256:df1a276214d43a93da70ceab534f486bd424824aab5f455538649682e52265f9 |
| openshift-serverless-1/kourier-control-rhel8@sha256:c5a4e9977a8cf0138eaa4f86b20e7fe0d2aff69d6d4a49e38bc060934a0e42c8 |
| openshift-serverless-1/net-istio-controller-rhel8@sha256:75ea7c3161b45797af514117f30606f449df01ec2a077627e560ce002a554399 |
| openshift-serverless-1/net-istio-webhook-rhel8@sha256:56b24686c1bd37b1484d747160989bda6aa0d4d59ccf827397d8d6d699125f82 |
| openshift-serverless-1/serverless-rhel8-operator@sha256:d78b7c4441f5fe4f80153d43de794de84d9be9e7c9fcfc1db0046764cf1c9add |
| openshift-serverless-1/serving-activator-rhel8@sha256:2ac2cb4b2b891e6d6a9e9ac9bcbff6298b1793e325671661c25eb03d108f46a2 |
| openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:ec79545c8da51ef0b5734a212c2ea65d473814d5c37557fcea8477f54c16469f |
| openshift-serverless-1/serving-autoscaler-rhel8@sha256:a7d2f8eff8bee12231feef8693c35a7c2459c7a454e78d229f7aba36c974aea5 |
| openshift-serverless-1/serving-controller-rhel8@sha256:6ddc7991f52752d3cb308724fff9037f39a12b757e2e39afc9af73f29f7b5c69 |
| openshift-serverless-1/serving-domain-mapping-rhel8@sha256:c5df79a251eff36e895fa608ea69464535e45a2d30c4ed25a50341109b6a8d68 |
| openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:ca17edfe02cd76c9fe5a28e9c5b070016066831941dab5739e56bb99d370038a |
| openshift-serverless-1/serving-queue-rhel8@sha256:087f0612c03455d3c4bd2f232650b7d9e393b7444525aecee63cd08f21c423dd |
| openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:d48d56c1c7df07fa194ebfb5fe698da6832bbd5a1aa7c091ef88eece5a8ea0b4 |
| openshift-serverless-1/serving-webhook-rhel8@sha256:fa441fc201f305e2c6bea47b02a1b554935f93241c307a42ca55ce6bfb35cf10 |
| openshift-serverless-1/svls-must-gather-rhel8@sha256:561d83d72b975ace9826a60fad75824a3e9e722c6514e14953c3a595e8c024b3 |
x86_64
| openshift-serverless-1-tech-preview/knative-client-plugin-event-sender-rhel8@sha256:1aba8f8659073b7a930586d1b2dcf9850e79159ee8f622c8c5560de9ad8b2956 |
| openshift-serverless-1/client-kn-rhel8@sha256:e4ac2b8953d5550fa27879ec78a8f4b475ef6c13639fe827329a228bb475ee02 |
| openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:9b346b58c8f659f93a5b5519a7a588f1e99f361a18b310fa9ad3fb0f1633bf0e |
| openshift-serverless-1/eventing-controller-rhel8@sha256:21f880969b860073f7f13d0f0b94247707eb9877bcee703d741cb10452deaa49 |
| openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:74f0fd3eb861035bbbddcda6545f353146973dcea6edfc2fd1c57c03a4f35c07 |
| openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:30d632dff96e40d39b600d389695bd7fbf1674d183a2f4a4f8d374df8a9465c0 |
| openshift-serverless-1/eventing-kafka-broker-controller-rhel8@sha256:0d792e0585804a4d5a44b19e8dd3977b94b985941e194290d8e29930b58dba89 |
| openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8@sha256:a2905d2d14664d04228c82906d97aeeb7e08f8de5dfe3a7b2f4696bf7201641d |
| openshift-serverless-1/eventing-kafka-broker-post-install-rhel8@sha256:220e8aeddf2d3291bfbdb9df693948f556cec965b846d7bfebf72f6e97a1c598 |
| openshift-serverless-1/eventing-kafka-broker-receiver-rhel8@sha256:c2fd3268b7431d67c587692246341c0d6bfe255879bb0b0d5fa4cbeb224a5308 |
| openshift-serverless-1/eventing-kafka-broker-webhook-rhel8@sha256:093b72134c9693e2b310ccb5f76d0a8448be6e07ddb2f8039b9d4e9140b3ff97 |
| openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:d1379eae0ea6227a590d1c81af9b8608810a94620026eff89f2abdbd61e3a0f7 |
| openshift-serverless-1/eventing-mtbroker-ingress-rhel8@sha256:d758b2f4acda986fb6bc50f1a0ef0361b048aae8e75a6cd125da95d36cd7b0d6 |
| openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:b4d9f007c7c2ffe0236e4028e1cc8a69057d473ecae8dd172aea92b55ce6810c |
| openshift-serverless-1/eventing-mtping-rhel8@sha256:07aca4b3d6605cf01657ef4441550d4a8603cc76d623e26950265f5e4820e526 |
| openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:3c5a9015a6e81af986f5f1e3f6e7418812504ca48e71bf34a7cb81a999453356 |
| openshift-serverless-1/eventing-webhook-rhel8@sha256:4c81e922eb66c6f4badf5b0465af4508265aa130ebeb3939bda67f0688df475f |
| openshift-serverless-1/func-utils-rhel8@sha256:9bcbfbd1ad910111a6bf7c0967dbe8b0b844685c7c9ab8c985f20dc408c24bf1 |
| openshift-serverless-1/ingress-rhel8-operator@sha256:b5e05c2024fcc38ec9b5ae5d53e8b16b34ef0bf028eb5fe7b60c65e30dadbf92 |
| openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:3070952540f51c98279029ec0518af02e486564a1aec16be270af214798e09eb |
| openshift-serverless-1/knative-rhel8-operator@sha256:11e9333866e2b0d984a1af05cfbc62a954ef5302abbae892eb9fffafbda724ae |
| openshift-serverless-1/kourier-control-rhel8@sha256:fbae7aa0411486a3906bf8e7f1b73a177112f8c49392ca709d32982bf59d62d4 |
| openshift-serverless-1/net-istio-controller-rhel8@sha256:92e7aeef4e41c2dfa51e8b5c4d7697974bdb3d3bf37040bf028535693679fdb0 |
| openshift-serverless-1/net-istio-webhook-rhel8@sha256:ee8920ad7e12ca617995a2c71d18338ac6604f5a7488c3eb78e25d2a019df2ea |
| openshift-serverless-1/serverless-operator-bundle@sha256:2f82fcdc9a5424a2e195fda62ce0a018970e0211f253eb0d5ae47a72dd0bb6fc |
| openshift-serverless-1/serverless-rhel8-operator@sha256:36bef14733dd8a330434f98a15bf4e67a991370ebd811a0ac5c2878ba14214ce |
| openshift-serverless-1/serving-activator-rhel8@sha256:22ff7fe636bbf3de0f0b5fa3995f15a28495ac676972232eebdddcdd57ff5b20 |
| openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:e1b4a12cdc84698826dc62a27cfbea01303d21013c85ee21d0732d723b9fdf3a |
| openshift-serverless-1/serving-autoscaler-rhel8@sha256:93e77a7268bfc7d23d103ca213d144d525527a4a8e499d8584e04e6229a9b6a7 |
| openshift-serverless-1/serving-controller-rhel8@sha256:3c980a415ad2ffd1529b52cee6dd1779b45696c9be0961198875d58eea5ba290 |
| openshift-serverless-1/serving-domain-mapping-rhel8@sha256:9f64f772dd45cf9d62bd53b8fa9a08cbd82449b2dde52f4d6c50531cf3107d4e |
| openshift-serverless-1/serving-domain-mapping-webhook-rhel8@sha256:f6130c745006bea226fb49f4e8d8b9b342e67c84584fe8197dc5cf8deb48635c |
| openshift-serverless-1/serving-queue-rhel8@sha256:ee639b6bf4635b5d4cacd1b6e8a99520860daa11357443226133699b965c1fa5 |
| openshift-serverless-1/serving-storage-version-migration-rhel8@sha256:1f9b2b80b8407062c97c626e53e2cd3c65d0f1f7df8cab8d3e272349d76cc18f |
| openshift-serverless-1/serving-webhook-rhel8@sha256:35ba1a99e257d82e96142af0cf8c944d37115469e9c890b5599fd9c88852f1b3 |
| openshift-serverless-1/svls-must-gather-rhel8@sha256:79e584c884375e1928be1acd26d004edf685d1383d40665dbb03f9dfd135d61d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.