Lucene search

RedHatRHSA-2022:0055

HistoryMar 10, 2022 - 12:43 p.m.

(RHSA-2022:0055) Moderate: OpenShift Container Platform 4.10.3 bug fix and security update

2022-03-1012:43:45

access.redhat.com

103

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.5%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:0055

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

Apache HttpComponents client / Apache CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix (CVE-2014-3577)
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
jenkins-2-plugins/git: stored XSS vulnerability (CVE-2021-21684)
golang: syscall: don’t close fd 0 on ForkExec error (CVE-2021-44717)
cri-o: pod with access to ‘hostIPC’ and ‘hostNetwork’ kernel namespace allows sysctl from the list of safe sysctls to be applied to the host (CVE-2022-0532)
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64

The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x

The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le

The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64cri-tools-debuginfo< 1.23.0-1.el8cri-tools-debuginfo-1.23.0-1.el8.aarch64.rpm
RedHat8x86_64ovn21.12-vtep-debuginfo< 21.12.0-25.el8fdpovn21.12-vtep-debuginfo-21.12.0-25.el8fdp.x86_64.rpm
RedHat8x86_64ovn21.09-central< 21.09.0-22.el8fdpovn21.09-central-21.09.0-22.el8fdp.x86_64.rpm
RedHat8ppc64lecontainernetworking-plugins< 0.9.1-1.rhaos4.10.el8containernetworking-plugins-0.9.1-1.rhaos4.10.el8.ppc64le.rpm
RedHat8ppc64lecoreos-installer< 0.12.0-1.rhaos4.10.el8coreos-installer-0.12.0-1.rhaos4.10.el8.ppc64le.rpm
RedHat8aarch64buildah-debuginfo< 1.19.7-1.el8buildah-debuginfo-1.19.7-1.el8.aarch64.rpm
RedHat8s390xcoreos-installer-bootinfra-debuginfo< 0.12.0-1.rhaos4.10.el8coreos-installer-bootinfra-debuginfo-0.12.0-1.rhaos4.10.el8.s390x.rpm
RedHat8noarchpython3-osc-lib< 2.4.2-0.20211012163041.415a6c7.el8python3-osc-lib-2.4.2-0.20211012163041.415a6c7.el8.noarch.rpm
RedHat8s390xovn21.09-host-debuginfo< 21.09.0-22.el8fdpovn21.09-host-debuginfo-21.09.0-22.el8fdp.s390x.rpm
RedHat8ppc64lebutane< 0.14.0-1.rhaos4.10.el8butane-0.14.0-1.rhaos4.10.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	cri-tools-debuginfo	< 1.23.0-1.el8	cri-tools-debuginfo-1.23.0-1.el8.aarch64.rpm
RedHat	8	x86_64	ovn21.12-vtep-debuginfo	< 21.12.0-25.el8fdp	ovn21.12-vtep-debuginfo-21.12.0-25.el8fdp.x86_64.rpm
RedHat	8	x86_64	ovn21.09-central	< 21.09.0-22.el8fdp	ovn21.09-central-21.09.0-22.el8fdp.x86_64.rpm
RedHat	8	ppc64le	containernetworking-plugins	< 0.9.1-1.rhaos4.10.el8	containernetworking-plugins-0.9.1-1.rhaos4.10.el8.ppc64le.rpm
RedHat	8	ppc64le	coreos-installer	< 0.12.0-1.rhaos4.10.el8	coreos-installer-0.12.0-1.rhaos4.10.el8.ppc64le.rpm
RedHat	8	aarch64	buildah-debuginfo	< 1.19.7-1.el8	buildah-debuginfo-1.19.7-1.el8.aarch64.rpm
RedHat	8	s390x	coreos-installer-bootinfra-debuginfo	< 0.12.0-1.rhaos4.10.el8	coreos-installer-bootinfra-debuginfo-0.12.0-1.rhaos4.10.el8.s390x.rpm
RedHat	8	noarch	python3-osc-lib	< 2.4.2-0.20211012163041.415a6c7.el8	python3-osc-lib-2.4.2-0.20211012163041.415a6c7.el8.noarch.rpm
RedHat	8	s390x	ovn21.09-host-debuginfo	< 21.09.0-22.el8fdp	ovn21.09-host-debuginfo-21.09.0-22.el8fdp.s390x.rpm
RedHat	8	ppc64le	butane	< 0.14.0-1.rhaos4.10.el8	butane-0.14.0-1.rhaos4.10.el8.ppc64le.rpm