(RHSA-2023:3450) Moderate: OpenShift Serverless Client kn 1.29.0 release

Red Hat OpenShift Serverless Client kn 1.29.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.29.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security and bug fixes, and enhancements.

Security Fixes in this release include:

• containerd: Supplementary groups are not set up properly(CVE-2023-25173)
• golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding(CVE-2022-41723)
• golang: net/http, mime/multipart: denial of service from excessive resource consumption(CVE-2022-41725)
• golang: crypto/tls: large handshake records may cause panics(CVE-2022-41724)
• golang: html/template: backticks not treated as string delimiters(CVE-2023-24538)
• golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption(CVE-2023-24536)
• golang: net/http, net/textproto: denial of service from excessive memory allocation(CVE-2023-24534)
• golang: go/parser: Infinite loop in parsing(CVE-2023-24537)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE pages linked in the References section.