- Issued: 2026-01-21
- Updated: 2026-01-21
RHSA-2026:0934 - Security Advisory
Synopsis
Important: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Type/Severity
Security Advisory: Important
Topic
Release of OpenShift Serverless Logic 1.36.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This release includes CVE bug fixes:
- CVE-2024-12718 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
- CVE-2025-30749 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
- CVE-2025-40778 python3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64 RHSA-2025:19835
- CVE-2025-4138 platform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
- CVE-2025-4517 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
- CVE-2025-49794 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
- CVE-2025-49796 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
- CVE-2025-50059 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
- CVE-2025-50106 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
- CVE-2025-58060 cups-libs-2.2.6-62.el8_10.x86_64 RHSA-2025:15702
- CVE-2025-5914 libarchive-3.3.3-5.el8.x86_64 RHSA-2025:14135
- CVE-2025-59375 expat-2.2.5-17.el8_10.x86_64 RHSA-2025:21776
- CVE-2025-6020 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:10027
- CVE-2025-6965 sqlite-libs-3.26.0-19.el8_9.x86_64 RHSA-2025:12010
- CVE-2025-7425 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:12450
- CVE-2025-8941 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:14557
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Openshift Serverless 1 for RHEL 8 x86_64
- Red Hat OpenShift Serverless for IBM Power, little endian 1 for RHEL 8 ppc64le
- Red Hat OpenShift Serverless for IBM Z and LinuxONE 1 for RHEL 8 s390x
- Red Hat Openshift Serverless for ARM 1 for RHEL 8 aarch64
Fixes
- BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
- BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
- BZ - 2370861 - CVE-2025-5914 libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
- BZ - 2372373 - CVE-2025-49794 libxml: Heap use after free (UAF) leads to Denial of service (DoS)
- BZ - 2372385 - CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)
- BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
- BZ - 2372512 - CVE-2025-6020 linux-pam: Linux-pam directory Traversal
- BZ - 2376783 - CVE-2025-30749 openjdk: Better Glyph drawing (Oracle CPU 2025-07)
- BZ - 2376785 - CVE-2025-50059 openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)
- BZ - 2379031 - CVE-2025-50106 openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
- BZ - 2379274 - CVE-2025-7425 libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
- BZ - 2380149 - CVE-2025-6965 sqlite: Integer Truncation in SQLite
- BZ - 2388220 - CVE-2025-8941 linux-pam: Incomplete fix for CVE-2025-6020
- BZ - 2392595 - CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
- BZ - 2395108 - CVE-2025-59375 expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
- BZ - 2405827 - CVE-2025-40778 bind: Cache poisoning attacks with unsolicited RRs
CVEs
- CVE-2013-0340
- CVE-2016-9840
- CVE-2019-17543
- CVE-2022-23990
- CVE-2023-40403
- CVE-2024-12718
- CVE-2024-28757
- CVE-2024-34397
- CVE-2024-47081
- CVE-2024-52533
- CVE-2024-53920
- CVE-2025-3576
- CVE-2025-4138
- CVE-2025-4330
- CVE-2025-4373
- CVE-2025-4435
- CVE-2025-4517
- CVE-2025-4802
- CVE-2025-5318
- CVE-2025-5372
- CVE-2025-5914
- CVE-2025-6020
- CVE-2025-6021
- CVE-2025-6395
- CVE-2025-6965
- CVE-2025-7425
- CVE-2025-8058
- CVE-2025-8194
- CVE-2025-8941
- CVE-2025-30749
- CVE-2025-32414
- CVE-2025-32415
- CVE-2025-32988
- CVE-2025-32990
- CVE-2025-40778
- CVE-2025-40909
- CVE-2025-47151
- CVE-2025-47273
- CVE-2025-47947
- CVE-2025-49794
- CVE-2025-49796
- CVE-2025-50059
- CVE-2025-50106
- CVE-2025-53057
- CVE-2025-53066
- CVE-2025-53905
- CVE-2025-53906
- CVE-2025-58060
- CVE-2025-58364
- CVE-2025-59375
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.