RedHat: RHSA-2020-4264:01 Low: OpenShift Container Platform 4.3.40 security
Summary
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
for panic (CVE-2020-9283)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Gather image registry config (backport to 4.3) (BZ#1836815)
* Builds fail after running postCommit script if OCP cluster is configured
with a container registry whitelist (BZ#1849176)
* Login with OpenShift not working after cluster upgrade (BZ#1852429)
* Limit the size of gathered federated metrics from alerts in Insights
Operator (BZ#1874018)
* [4.3] Storage operator stops reconciling when going Upgradeable=False on
v1alpha1 CRDs (BZ#1879110)
* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes
after one of master nodes went down(OAuth) (BZ#1880293)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
The image digest is
sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
(For s390x architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.40-s390x
The image digest is
sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
(For ppc64le architecture)
$ oc adm release info
quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
The image digest is
sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
Summary
Solution
For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html
Details on how to access this content are available at
- -cli.html.
References
https://access.redhat.com/security/cve/CVE-2017-12652 https://access.redhat.com/security/cve/CVE-2017-18190 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-2974 https://access.redhat.com/security/cve/CVE-2019-5094 https://access.redhat.com/security/cve/CVE-2019-5188 https://access.redhat.com/security/cve/CVE-2019-5482 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-12450 https://access.redhat.com/security/cve/CVE-2019-12749 https://access.redhat.com/security/cve/CVE-2019-14822 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-14973 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2019-17498 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-19126 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-2181 https://access.redhat.com/security/cve/CVE-2020-2182 https://access.redhat.com/security/cve/CVE-2020-2224 https://access.redhat.com/security/cve/CVE-2020-2225 https://access.redhat.com/security/cve/CVE-2020-2226 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2780 https://access.redhat.com/security/cve/CVE-2020-2812 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-9283 https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/cve/CVE-2020-12825 https://access.redhat.com/security/cve/CVE-2020-14352 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/updates/classification/#low
Package List
Topic
An update is now available for Red Hat OpenShift Container Platform 4.3.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Bugs Fixed
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1836815 - Gather image registry config (backport to 4.3)
1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist
1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator
1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized
1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs