RHSA-2024:4867 - Security Advisory

Topic

Red Hat openshift-serverless-clients kn 1.33.1 is now available.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Red Hat OpenShift Serverless Client kn 1.33.1 provides a CLI to interact with
Red Hat OpenShift Serverless 1.33.1. The kn CLI is delivered as an RPM package
for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security, bug fixes, and enhancements.

Security Fix(es):

• golang: archive/zip: Incorrect handling of certain ZIP files(CVE-2024-24789)

A Red Hat Security Bulletin, which addresses further details about the Rapid
Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

See the Red Hat OpenShift serverless 1 documentation at:
https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1

Affected Products

• Red Hat Openshift Serverless 1 x86_64
• Red Hat OpenShift Serverless for IBM Power, little endian 1 ppc64le
• Red Hat OpenShift Serverless for IBM Z and LinuxONE 1 s390x
• Red Hat Openshift Serverless for ARM 1 aarch64

Fixes

• BZ - 2292668 - CVE-2024-24789 golang: archive/zip: Incorrect handling of certain ZIP files
• BZ - 2296266 - Release of Openshift Serverless Client 1.33.1

CVEs

• CVE-2024-24789

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1