RHSA-2022:4860: Moderate: Release of OpenShift Serverless Client kn 1.22.1
The Red Hat OpenShift Serverless Client kn 1.22.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.22.1. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.Security Fix(es): golang: crypto/elliptic IsOnCurve returns true for invalid field elements(CVE-2022-23806) golang: cmd/go: misinterpretation of branch names can lead to incorrect access control(CVE-2022-23773) golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) For more details about the security issue(s), including the impact; a CVSS score; acknowledgments; and other related information refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:4860?
The severity of RHSA-2022:4860 is classified as moderate.
How do I fix RHSA-2022:4860?
To fix RHSA-2022:4860, upgrade to the latest version of the openshift-serverless-clients package, specifically version 1.1.0-3.el8.
What does RHSA-2022:4860 affect?
RHSA-2022:4860 affects the openshift-serverless-clients package used in Red Hat OpenShift.
What are the affected platforms for RHSA-2022:4860?
The affected platforms for RHSA-2022:4860 include RHEL 8 with x86_64 and ppc64le architectures.
Is there a workaround for RHSA-2022:4860?
There is no official workaround for RHSA-2022:4860; the recommended action is to apply the security update.