This Red Hat security advisory (RHSA-2026:0934) covers the release of OpenShift Serverless Logic 1.36.0 security update which includes fixes for 16 CVEs affecting multiple underlying libraries and runtimes such as python3-libs, java-17-openjdk, libxml2, pam, sqlite, cups, expat, and bind. The vulnerabilities include issues like arbitrary file metadata modification outside extraction directories, double free, heap use-after-free, type confusion, directory traversal, authentication bypass, and integer truncation. These issues impact Red Hat OpenShift Serverless on RHEL 8 across several CPU architectures. The update is classified as Important and addresses security bugs documented in previous Red Hat advisories. No CVSS scores are provided in the advisory, and no exploits in the wild are known. The vendor advisory provides detailed bugzilla references and remediation instructions.

The vulnerabilities fixed in this update could allow attackers to perform unauthorized file modifications, cause denial of service through memory corruption or crashes, bypass authentication mechanisms, and potentially execute arbitrary code depending on the specific flaw. The impact spans multiple critical system libraries and runtimes used within Red Hat OpenShift Serverless environments. However, no known active exploitation has been reported. The overall security impact is rated Important by Red Hat, indicating a high risk if unpatched.

Red Hat has released an official security update (OpenShift Serverless Logic 1.36.0) that addresses these vulnerabilities. Users should apply this update promptly after ensuring all previously released relevant errata have been applied. Detailed update instructions are available at Red Hat's official documentation (https://access.redhat.com/articles/11258). Since this is not a cloud service, remediation requires manual update by system administrators. No additional mitigations or workarounds are specified in the advisory.