Red Hat Product Errata RHSA-2023:5480 - Security Advisory
Issued:
2023-10-05
Updated:
2023-10-05

RHSA-2023:5480 - Security Advisory

Synopsis

Important: Release of OpenShift Serverless Logic 1.30.0 SP1 security update

Type/Severity

Security Advisory: Important

Topic

Release of OpenShift Serverless Operator 1.30.1 and OpenShift Serverless Logic 1.30.0 SP1

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description

Red Hat OpenShift Serverless release of OpenShift Serverless Logic.

This release includes security fixes.

Security Fix(es):

  • quarkus: HTTP security policy bypass (CVE-2023-4853)

For further information about CVE-2023-4853, see the Red Hat Security Bulletin link in the References section.

For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Openshift Serverless 1 x86_64
  • Red Hat OpenShift Serverless for IBM Power, little endian 1 ppc64le
  • Red Hat OpenShift Serverless for IBM Z and LinuxONE 1 s390x

Fixes

  • BZ - 2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass

aarch64

openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:f8e100e096e6730624cafec710f993d50797a854a3ebaaf475916c37d3cc3ba2
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8@sha256:0cc0ae9009348bd8b039636594b6ee16d1a36abe0e087f5c0dec256f5b320ad3
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8@sha256:494dcf580e5f05ea7106b3842a84cf2a2a11f8b50be145b88821f1960c10993b

ppc64le

openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:5cc784c8422b2fa2bcfc01fcd3a55b36882037fd029d278a6a51ea012de5effb
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8@sha256:ac502999e989c3339ec376929c1715a8ababf9b75fa7a085488b1a730bda68a8
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8@sha256:e9ce0d3c89fae18eff4d1a0ee0ccf4395beb38c8618fd4685298e30c68973ed9
openshift-serverless-1/client-kn-rhel8@sha256:89dd6b563582dcd91384497eb90aa79f6526ba902129f2fb1b7d35c7057524c1
openshift-serverless-1/ingress-rhel8-operator@sha256:a27693bd13c1dc4d60927bfbcaea8c05740d5b9f9ba62d45861e6db569cbf023
openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:a0d46c24aef2c98ec8866998386d8916fa652c7c5718b0af2b76434539083897
openshift-serverless-1/knative-rhel8-operator@sha256:134c6680d9cdee4ed660de1ee43d816db7bcfb949b3f931852853dc37067a3d8
openshift-serverless-1/serverless-rhel8-operator@sha256:b1e59075a2d208252a6b2a1d4dd245dddb3e354594ae3451dbe9fcb733612992
openshift-serverless-1/svls-must-gather-rhel8@sha256:dfb31882aa0e5eb1468357217e90db73b53129c6d903694c61f5542cce494150

s390x

openshift-serverless-1/client-kn-rhel8@sha256:a03748a70ae2d14b46451c4d0bb64f38318939929fae0720b332d9d59f249753
openshift-serverless-1/ingress-rhel8-operator@sha256:eb85156934335659c84db3849c4c76735efcf96c79dd90bd2c1c05a49e47288b
openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:e6afabd57c213b4bdf568e41a23f50ecf152c37513238edc44d478c9fce3237b
openshift-serverless-1/knative-rhel8-operator@sha256:efbbab9ffcb6fcbcea15a1f44519c389205366125b261f2928e115d84447a8d8
openshift-serverless-1/serverless-rhel8-operator@sha256:d7cb0bb8df135a12f9aa3026ff154d2979680effdb969ca42e9df3bd9b473a4a
openshift-serverless-1/svls-must-gather-rhel8@sha256:5a6a1342debc2b944dc8e6919357d7afb620caaba0d42023b0264d1b201639a0

x86_64

openshift-serverless-1-tech-preview/logic-data-index-ephemeral-rhel8@sha256:de33007837951f1368676238788cb6dbabd7b319d1655cf5b8fe99f4b637f954
openshift-serverless-1-tech-preview/logic-swf-builder-rhel8@sha256:317a54d70480cc67f6e91530dcbadba8eaec7039aa705d9e473ba92486f89aab
openshift-serverless-1-tech-preview/logic-swf-devmode-rhel8@sha256:e8b1941ba7867c77f1545b0208d7738264e9f40b399e362b82aafb9c73eebd7d
openshift-serverless-1/client-kn-rhel8@sha256:e3b5d892e23912dca1a3c79f62f9cd4ec4220348291c285e59beedcaa23c6918
openshift-serverless-1/ingress-rhel8-operator@sha256:8ba64b3d8ea7b204615c889a80af13466b2272be05f227dea113593160a9cf5a
openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:6179fa42de591d7048490f95ca3eba77d040dc7969087f280ad6087b306c4c05
openshift-serverless-1/knative-rhel8-operator@sha256:44f1531181bc20255a9d3fe306bce287c77d0f242640de4accdeff41fcbbe9ee
openshift-serverless-1/serverless-operator-bundle@sha256:8371de71b7631fec17318af551faeb32a666c96a154f1e8101b97fb4f07ff100
openshift-serverless-1/serverless-rhel8-operator@sha256:e2ca3fafd6835d89e4c1494d2fbc2ed869ea99455fd50342e94ae7acbcc667fa
openshift-serverless-1/svls-must-gather-rhel8@sha256:8fcaa5f0d48e4b8a65fdb3cbe61937b3284400711b7d7b912a77c942d2de56e9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.