RHSA-2021:2704: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.16.0

Release of OpenShift Serverless Client kn 1.16.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Red Hat OpenShift Serverless Client kn 1.16.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.16.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Security Fix(es):

• golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
• golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
• golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-27918: golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader
• CVE-2021-31525: golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
• CVE-2021-33196: golang: archive/zip: malformed archive may cause panic or memory exhaustion