Lucene search

K
redhatRedHatRHSA-2022:2272
HistoryMay 25, 2022 - 9:38 p.m.

(RHSA-2022:2272) Moderate: OpenShift Container Platform 4.8.41 bug fix and security update

2022-05-2521:38:41
(CWE-179|CWE-1173)
access.redhat.com
58
openshift
container platform
4.8.41
bug fix
security update
route hijacking
haproxy
upgrade
cve-2022-1677
release notes
rpm packages
cloud computing
kubernetes application platform

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

86.0%

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2022:2270

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Security Fix(es):

  • openshift/router: route hijacking attack via crafted HAProxy
    configuration file (CVE-2022-1677)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-x86_64

The image digest is sha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-s390x

The image digest is sha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le

The image digest is sha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available
at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Affected configurations

Vulners
Node
redhatjava-11-openjdkRange11.0.15.0.9-2.el7_9
OR
redhatjava-1.8.0-openjdkRange1.8.0.332.b09-1.el7_9
OR
redhatjava-1.7.1-ibm-1Range1.7.1.5.10-1jpp.1.el7
OR
redhatjava-1.8.0-ibm-1Range1.8.0.7.10-1jpp.1.el7
OR
redhatjava-11-openjdkRange11.0.15.0.9-2.el8_5
OR
redhatjava-17-openjdkRange17.0.3.0.6-2.el8_5
OR
redhatjava-1.8.0-openjdkRange1.8.0.332.b09-1.el8_5
OR
redhatjava-1.8.0-ibmRange1.8.0.7.10-1.el8_6
OR
redhatjava-11-openjdk-1Range11.0.15.0.9-2.el8_1
OR
redhatjava-1.8.0-openjdk-1Range1.8.0.332.b09-1.el8_1
OR
redhatjava-11-openjdk-1Range11.0.15.0.9-2.el8_2
OR
redhatjava-1.8.0-openjdk-1Range1.8.0.332.b09-1.el8_2
OR
redhatjava-11-openjdk-1Range11.0.15.0.9-2.el8_4
OR
redhatjava-1.8.0-openjdk-1Range1.8.0.332.b09-1.el8_4
OR
redhatjava-11-openjdkRange11.0.15.0.10-1.el9_0
OR
redhatjava-17-openjdkRange17.0.3.0.7-1.el9_0
OR
redhatjava-1.8.0-openjdkRange1.8.0.332.b09-1.el9_0
OR
redhatjava-1.8.0-ibm-1Range1.8.0.8.0-1jpp.1.el7
OR
redhatopenshift3\/ose-haproxy-routerRangev3.11.705-1.g7a17a5d
OR
redhatopenshift4\/ose-haproxy-routerRangev4.10.0-202204291840.p0.g11109e4.assembly.stream
OR
redhatopenshift4\/ose-haproxy-routerRangev4.6.0-202205131546.p0.g7d2af02.assembly.stream
OR
redhatopenshift4\/ose-haproxy-routerRangev4.7.0-202205131637.p0.ge246a5f.assembly.stream
OR
redhatopenshift4\/ose-haproxy-routerRangev4.8.0-202205131628.p0.gd0d6380.assembly.stream
OR
redhatopenshift4\/ose-haproxy-routerRangev4.9.0-202205131707.p0.gfe7ea46.assembly.stream
OR
redhatzlib-0Range1.2.3-31.el6_10
OR
redhatzlibRange1.2.7-20.el7_9
OR
redhatzlib-0Range1.2.7-17.el7_4.1
OR
redhatzlib-0Range1.2.7-18.el7_6.1
OR
redhatzlib-0Range1.2.7-18.el7_7.1
OR
redhatmingw-zlibRange1.2.8-10.el8
OR
redhatzlibRange1.2.11-18.el8_5
OR
redhatrsyncRange3.1.3-14.el8_6.2
OR
redhatzlib-0Range1.2.11-11.el8_1.1
OR
redhatrsyncRange3.1.3-6.el8_1.1
OR
redhatzlib-0Range1.2.11-17.el8_2
OR
redhatrsyncRange3.1.3-7.el8_2.1
OR
redhatrsyncRange3.1.3-12.el8_4.1
OR
redhatzlib-0Range1.2.11-18.el8_4
OR
redhatzlibRange1.2.11-31.el9_0.1
OR
redhatrsyncRange3.2.3-9.el9_0.1
OR
redhatmingw-zlibRange1.2.12-2.el9
OR
redhatvirtualization_hostRange4.3.23-20220622.0.el7_9
OR
redhatvirtualization_hostRange4.5.0-202205291010_8.6
OR
redhatgzipRange1.5-11.el7_9
OR
redhatxzRange5.2.2-2.el7_9
OR
redhatgzipRange1.9-13.el8_5
OR
redhatxzRange5.2.4-4.el8_6
OR
redhatgzip-0Range1.9-10.el8_1
OR
redhatxz-0Range5.2.4-4.el8_1
OR
redhatgzip-0Range1.9-10.el8_2
OR
redhatxz-0Range5.2.4-4.el8_2
OR
redhatgzip-0Range1.9-13.el8_4
OR
redhatxz-0Range5.2.4-4.el8_4
OR
redhatxzRange5.2.5-8.el9_0
OR
redhatgzipRange1.10-9.el9_0
AND
redhatenterprise_linuxMatch7
OR
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatchsupplementary
OR
redhatenterprise_linuxMatch9
OR
redhatenterprise_linuxMatchcrb
OR
redhatenterprise_linuxMatchhypervisor
VendorProductVersionCPE
redhatjava-11-openjdk*cpe:2.3:a:redhat:java-11-openjdk:*:*:*:*:*:*:*:*
redhatjava-1.8.0-openjdk*cpe:2.3:a:redhat:java-1.8.0-openjdk:*:*:*:*:*:*:*:*
redhatjava-1.7.1-ibm-1*cpe:2.3:a:redhat:java-1.7.1-ibm-1:*:*:*:*:*:*:*:*
redhatjava-1.8.0-ibm-1*cpe:2.3:a:redhat:java-1.8.0-ibm-1:*:*:*:*:*:*:*:*
redhatjava-17-openjdk*cpe:2.3:a:redhat:java-17-openjdk:*:*:*:*:*:*:*:*
redhatjava-1.8.0-ibm*cpe:2.3:a:redhat:java-1.8.0-ibm:*:*:*:*:*:*:*:*
redhatjava-11-openjdk-1*cpe:2.3:a:redhat:java-11-openjdk-1:*:*:*:*:*:*:*:*
redhatjava-1.8.0-openjdk-1*cpe:2.3:a:redhat:java-1.8.0-openjdk-1:*:*:*:*:*:*:*:*
redhatopenshift3\/ose-haproxy-router*cpe:2.3:a:redhat:openshift3\/ose-haproxy-router:*:*:*:*:*:*:*:*
redhatopenshift4\/ose-haproxy-router*cpe:2.3:a:redhat:openshift4\/ose-haproxy-router:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 251

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

86.0%