Issued:: 2025-01-23
Updated:: 2025-01-23

RHSA-2025:0664 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Release of OpenShift Serverless Logic 1.35.0 security update & enhancements

Type/Severity

Security Advisory: Moderate

Topic

Release of OpenShift Serverless Logic 1.35.0

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This release includes security, bug fixes, and enhancements.

Security Fix(es):

com.graphql-java/graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java (CVE-2024-40094)
openshift-serverless-1-logic-rhel8-operator-container: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)

For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Openshift Serverless 1 for RHEL 8 x86_64
Red Hat OpenShift Serverless for IBM Power, little endian 1 for RHEL 8 ppc64le
Red Hat Openshift Serverless for ARM 1 for RHEL 8 aarch64

Fixes

BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
BZ - 2301456 - CVE-2024-40094 graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java
BZ - 2310908 - CVE-2024-45296 path-to-regexp: Backtracking regular expressions cause ReDoS

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

aarch64

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:83e0e9053d0378243b998913a1eeb1389975ca206795db24b353ef3d0a033cad

openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8f465cefedf8fa0ac5411984b47389e512c54f038be7ea6937f11b33a0ae544d

openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:e072472c48308e24fe8065837277a6886bd52ece5209dfcaf91bd29390d1f46a

openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:967bd9e6268ec3cc2ce974e6f43fa0b56773000dc74ea6330a26ca31d2b15df5

openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:3eaa8f77385fca49bf0e8b17aa27b3b2cbfc41225e3c02d49205fd98c9a7ad03

openshift-serverless-1/logic-operator-bundle@sha256:13d391b2a921dcc79d38a452dfd3924c77a972a7cedae2a547a3820345c606c8

openshift-serverless-1/logic-rhel8-operator@sha256:cb4dbd05449296fe6cdd8c5b54375b4f856d4d4ba4a0b634df370a248ba19820

openshift-serverless-1/logic-swf-builder-rhel8@sha256:1533005bf710c95dca7b0b514f72df873f4a9c510697c76804eec32a5b5f057a

openshift-serverless-1/logic-swf-devmode-rhel8@sha256:7438efe5d9db033e410419ec6e7620a268192762a65d825c91950cd4a629c46f

ppc64le

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:d7e430549b5bb731d2dcdfe035eaad09749a715a20fb317f0a298c2816416993

openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:329594c53c4a745faf4d0cf5e545d67330c0aeae6ac00b64e9ec0f8ce0df184b

openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:499153657dee98797271613cc36f621287c07ef217da630a05d8a97d89f62fd7

openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a71f103ea3d12753fd12e7e760729d2ded4fa8db9a297d3422857b6071dcac78

openshift-serverless-1/logic-operator-bundle@sha256:8f7be86799ab9e12431d755cf8fd7882b3bb870ed698c9b5ba51929d4cc9d01d

openshift-serverless-1/logic-rhel8-operator@sha256:f7d5c366b734c40aef8aefbe3e656fc633ae6c9011a0fffd65f01506067a695f

openshift-serverless-1/logic-swf-builder-rhel8@sha256:a1e75bc27adcbc4df57f4fdc289ca2eafd0fef9b87b2a78fcc523860a40aea0d

openshift-serverless-1/logic-swf-devmode-rhel8@sha256:ff2bc62c20412ba5e7dcb4c71f9b6c56a250766e59031444461e5f4d626aa106

x86_64

openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:56afce3767c0107b1d8eddb0e11349b9d590c22ebfee7a549f627c49136992d4

openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:ef1070b9c74786f739aeca2bbb9e3a47737fe6fb94b914a66e87919dfa9d6e74

openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:5821f6a8b84797f2786d88be10bcd064576e589ea3c57d1db90d100007322fd8

openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:2ca2a45af55aef2a611e42106ee1deec6b77c143b41e4eabdd845b51661eb7e6

openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:89282abb48abfecd20634112d03450452c795a33c22f43dca2582cb30055b490

openshift-serverless-1/logic-management-console-rhel8@sha256:b78d197751ef9cfdbd57d682f3478f87c6bb4786a72c72f3e33762576ce0a204

openshift-serverless-1/logic-operator-bundle@sha256:a1d1995b2b178a1242d41f1e8df4382d14317623ac05b91bf6be971f0ac5a227

openshift-serverless-1/logic-rhel8-operator@sha256:35fa091442aea7a9b5bbff8581d51a954fc8a1c0d9c411de91ec547cb6b3d762

openshift-serverless-1/logic-swf-builder-rhel8@sha256:033cb5cf3fedea187bd9f72aa45ff081f7c9825b4e4235010172ce6a12610e8a

openshift-serverless-1/logic-swf-devmode-rhel8@sha256:35877fb2aae353f2ed57f7a975a45f510fdf0cf8dc0070e52b47ed590af0f0b8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation