Lucene search

K
redhatRedHatRHSA-2021:0190
HistoryJan 19, 2021 - 1:29 p.m.

(RHSA-2021:0190) Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update

2021-01-1913:29:21
access.redhat.com
116
openshift
container platform
security fix
bug fix
kubernetes
compliance-operator
bz#1899479
bz#1902251
bz#1902634
bz#1907414
bz#1908991
bz#1909081
bz#1909122
cloud computing
kubernetes application platform

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.712

Percentile

98.1%

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
The compliance-operator image updates are now available for OpenShift Container Platform 4.6.

Security Fix(es):

  • golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)

  • The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)

  • The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)

  • [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)

  • The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)

  • Applying the “rhcos4-moderate” compliance profile leads to Ignition error “something else exists at that path” (BZ#1909081)

  • [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.712

Percentile

98.1%