Red Hat Security Advisory: Release of OpenShift Serverless 1.33.0 security update & enhancements
🔗 CVE IDs covered (8)
📋 Description
- CVE-2023-45289 — golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
- CVE-2024-2700 — quarkus-core: Leak of local configuration properties into Quarkus applications
- CVE-2024-24783 — golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
- CVE-2024-24784 — golang: net/mail: comments in display names are incorrectly handled
- CVE-2024-24785 — golang: html/template: errors returned from MarshalJSON methods may break template escaping
- CVE-2024-24786 — golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
- CVE-2024-28180 — jose-go: improper handling of highly compressed data
- CVE-2024-29025 — netty-codec-http: Allocation of Resources Without Limits or Throttling
🔗 References (14)
- self: https://access.redhat.com/errata/RHSA-2024:4028
- external: https://access.redhat.com/security/updates/classification/#moderate
- external: https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268018
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268019
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268021
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268022
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268046
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2268854
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2272907
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2273281
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2277864
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2277865
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4028.json