Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat OpenShift 2.0.1 RHSA-2021-2130-01 Moderate Windows Support Guide

red hat
Calendar Grey June 23, 2021
Dist Redhat Esm H88
This notice addresses security aspects for Windows Container functionality in Red Hat OpenShift 2.0.1, emphasizing critical patches and insights on recent vulnerabilities
The components for Windows Container Support for Red Hat OpenShift 2.0.1 are now available

Solution

For Windows Machine Config Operator upgrades, see the following documentation:

s-node-upgrades.html

Summary

Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM (CVE-2021-25736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
* LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
* Telemetry info not completely available to identify windows nodes (BZ#1955319)
* WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
* kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)

Topics%20covered

Topics Covered

security advisory update security impact Moderate Red Hat OpenShift MITM Windows Container Support

References

https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-20305 Read the Full Advisory

Package List


Advisory ID: RHSA-2021:2130-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2130
Issue date: 2021-06-23

Topic

The components for Windows Container Support for Red Hat OpenShift 2.0.1are now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory update security impact Moderate Red Hat OpenShift MITM Windows Container Support

Relevant Releases Architectures

Bugs Fixed

1945248 - WMCO patch pub-key-hash annotation to Linux node

1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM

1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath

1955319 - Telemetry info not completely available to identify windows nodes

1956412 - WMCO incorrectly shows node as ready after a failed configuration

1963263 - kube-proxy service terminated unexpectedly after recreated LB service

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WINC-623 - Windows Container Support for Red Hat OpenShift 2.0.1 release

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here