Lucene search
RedHatRHSA-2024:0880HistoryFeb 20, 2024 - 10:59 a.m.
(RHSA-2024:0880) Critical: Release of OpenShift Serverless Client kn 1.31.1 security update
2024-02-2010:59:39
access.redhat.com
11
openshift serverless
kn cli
security update
rpm package
go-git
rce
http
ssh
rapid reset flaw
cvss score
Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact with
Red Hat OpenShift Serverless 1.31.1. The kn CLI is delivered as an RPM package
for installation on RHEL platforms, and as binaries for non-Linux platforms.
This release includes security, bug fixes, and enhancements.
Security Fix(es):
- go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
- go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
- ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
A Red Hat Security Bulletin, which addresses further details about the Rapid
Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | ppc64le | openshift-serverless-clients | < 1.10.0-6.el8 | openshift-serverless-clients-1.10.0-6.el8.ppc64le.rpm |
| RedHat | 8 | s390x | openshift-serverless-clients | < 1.10.0-6.el8 | openshift-serverless-clients-1.10.0-6.el8.s390x.rpm |
| RedHat | 8 | x86_64 | openshift-serverless-clients | < 1.10.0-6.el8 | openshift-serverless-clients-1.10.0-6.el8.x86_64.rpm |
Related
nessus
nessus
RHEL 8 : Release of OpenShift Serverless Client kn 1.31.1 (RHSA-2024:0880)
2024-04-28 00:00:00
Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2458)
2024-02-19 00:00:00
Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1920)
2024-02-19 00:00:00
redhat
redhat
amazon
amazon
Important: amazon-ssm-agent
2024-02-15 03:52:00
Important: amazon-ssm-agent
2024-02-14 20:03:00
Medium: cni-plugins
2024-05-09 19:16:00
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git
2024-03-28 10:40:24
osv
osv
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
2024-01-10 15:37:05
Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4
2024-01-23 15:29:09
Maliciously crafted Git server replies can cause DoS on go-git clients
2023-12-27 15:06:52
ubuntucve
ubuntucve
cbl_mariner
cbl_mariner
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1
2024-06-21 09:32:44
CVE-2023-49569 affecting package packer for versions less than 1.10.1-1
2024-04-12 05:06:27
CVE-2023-49569 affecting package cri-o for versions less than 1.30.1-1
2024-06-21 09:32:44
redhatcve
redhatcve
nvd
nvd
github
github
prion
prion
Path traversal
2024-01-12 11:15:00
Design/Logic Flaw
2024-01-12 11:15:00
Design/Logic Flaw
2023-12-06 17:15:00
cvelist
cvelist
CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
2024-01-12 10:41:00
CVE-2023-49568 Maliciously crafted Git server replies can cause DoS on go-git clients
2024-01-12 10:36:12
CVE-2023-39326 Denial of service via chunk extensions in net/http
2023-12-06 16:27:53
alpinelinux
alpinelinux
CVE-2023-49568
2024-01-12 11:15:12
CVE-2023-39326
2023-12-06 17:15:07
veracode
veracode
Denial Of Service (DoS)
2023-12-28 14:22:10
Path Traversal
2024-01-11 06:38:13
Denial Of Service (DoS)
2023-12-12 07:10:29
debiancve
debiancve
cve
cve
wolfi
wolfi
CVE-2023-49569 vulnerabilities
2024-06-29 09:08:33
CVE-2023-49568 vulnerabilities
2024-06-29 09:08:33
CVE-2023-39326 vulnerabilities
2024-06-29 09:08:33
cgr
cgr
CVE-2023-49569 vulnerabilities
2024-05-19 03:07:16
CVE-2023-49568 vulnerabilities
2024-05-19 03:07:16
CVE-2023-39326 vulnerabilities
2024-05-19 03:07:16
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1174)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1194)
2024-02-09 00:00:00
Mageia: Security Advisory (MGASA-2024-0004)
2024-01-09 00:00:00
oraclelinux
oraclelinux
olcne security update
2024-04-02 00:00:00
olcne security update
2024-04-02 00:00:00
container-tools:4.0 security update
2024-03-01 00:00:00
almalinux
almalinux
Moderate: skopeo security update
2024-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: proftpd-1.3.8b-1.fc39
2023-12-30 01:23:29
[SECURITY] Fedora 39 Update: golang-x-crypto-0.18.0-1.fc39
2024-01-18 01:47:06
[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38
2024-01-29 07:54:09
debian
debian
[SECURITY] [DSA 5599-1] phpseclib security update
2024-01-12 07:13:27
[SECURITY] [DLA 3718-1] php-phpseclib security update
2024-01-25 02:26:07
mageia
mageia
Updated libssh2 packages fix a security vulnerability (Terrapin Attack)
2024-01-08 13:12:44
Updated filezilla packages fix a security vulnerability ("Terrapin attack")
2024-02-10 04:03:35
Updated putty package fixes a security vulnerability (Terrapin attack)
2024-01-08 13:12:44
rosalinux
rosalinux
Advisory ROSA-SA-2024-2382
2024-03-26 11:47:18
paloalto
paloalto
Impact of Terrapin SSH Attack
2024-01-09 01:30:00
freebsd
freebsd
putty -- add protocol extension against 'Terrapin attack'
2023-10-16 00:00:00
ubuntu
ubuntu
Paramiko vulnerability
2024-01-25 00:00:00