What is the severity of RHSA-2023:3455?

The severity of RHSA-2023:3455 is categorized as a security advisory related to OpenShift Serverless Operator which includes important security fixes.

How do I fix RHSA-2023:3455?

To fix RHSA-2023:3455, users should update to version 1.29.0 of the OpenShift Serverless Operator on supported OpenShift Container Platform versions.

What are the affected versions in RHSA-2023:3455?

RHSA-2023:3455 affects OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13.

What security issues are addressed in RHSA-2023:3455?

RHSA-2023:3455 addresses several security bugs and vulnerabilities within the OpenShift Serverless Operator.

Is RHSA-2023:3455 applicable to all OpenShift versions?

No, RHSA-2023:3455 is only applicable to specific versions of the OpenShift Container Platform as mentioned in the advisory.

Vulnerability/
RHSA-2023:3455

5/6/2023

RHSA-2023:3455: Moderate: Release of OpenShift Serverless 1.29.0

First published: Mon Jun 05 2023(Updated: )

Version 1.29.0 of the OpenShift Serverless Operator is supported on Red Hat<br>OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13.<br>This release includes security and bug fixes, and enhancements.<br>Security Fixes in this release include:<br><li> containerd: Supplementary groups are not set up properly(CVE-2023-25173)</li> <li> golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding(CVE-2022-41723)</li> <li> golang: net/http, mime/multipart: denial of service from excessive resource consumption(CVE-2022-41725)</li> <li> golang: crypto/tls: large handshake records may cause panics(CVE-2022-41724)</li> <li> golang: html/template: backticks not treated as string delimiters(CVE-2023-24538)</li> <li> golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption(CVE-2023-24536)</li> <li> golang: net/http, net/textproto: denial of service from excessive memory allocation(CVE-2023-24534)</li> <li> golang: go/parser: Infinite loop in parsing(CVE-2023-24537)</li> For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, see the CVE pages linked from the References section.

Affected Software	Affected Version	How to fix
Red Hat OpenShift Serverless Operator
Red Hat OpenShift Container Platform for IBM LinuxONE	>=4.10<=4.13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2023:3455?
The severity of RHSA-2023:3455 is categorized as a security advisory related to OpenShift Serverless Operator which includes important security fixes.
How do I fix RHSA-2023:3455?
To fix RHSA-2023:3455, users should update to version 1.29.0 of the OpenShift Serverless Operator on supported OpenShift Container Platform versions.
What are the affected versions in RHSA-2023:3455?
RHSA-2023:3455 affects OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13.
What security issues are addressed in RHSA-2023:3455?
RHSA-2023:3455 addresses several security bugs and vulnerabilities within the OpenShift Serverless Operator.
Is RHSA-2023:3455 applicable to all OpenShift versions?
No, RHSA-2023:3455 is only applicable to specific versions of the OpenShift Container Platform as mentioned in the advisory.

agent/references
agent/severity
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2023:3455
agent/title
agent/remedy
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat openshift serverless operator
canonical/red hat openshift container platform for ibm linuxone