-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Windows Container Support for Red Hat OpenShift 2.0.1 security and bug fix update
Advisory ID:       RHSA-2021:2130-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2130
Issue date:        2021-06-23
CVE Names:         CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 
                   CVE-2019-3842 CVE-2019-9169 CVE-2019-25013 
                   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 
                   CVE-2020-8286 CVE-2020-8927 CVE-2020-13434 
                   CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 
                   CVE-2020-27618 CVE-2020-28196 CVE-2020-29361 
                   CVE-2020-29362 CVE-2020-29363 CVE-2021-3326 
                   CVE-2021-3449 CVE-2021-3450 CVE-2021-20305 
                   CVE-2021-25736 CVE-2021-27219 
====================================================================
1. Summary:

The components for Windows Container Support for Red Hat OpenShift 2.0.1
are now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Windows Container Support for Red Hat OpenShift allows you to deploy
Windows container workloads running on Windows Server containers.

Security Fix(es):

* kubernetes: LoadBalancer Service type doesn't create an HNS policy for an
empty or invalid external load balancer IP, which could lead to MITM
(CVE-2021-25736)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)

* LoadBalancer Service type with invalid external loadbalancer IP breaks
the datapath (BZ#1952917)

* Telemetry info not completely available to identify windows nodes
(BZ#1955319)

* WMCO incorrectly shows node as ready after a failed configuration
(BZ#1956412)

* kube-proxy service terminated unexpectedly after recreated LB service
(BZ#1963263)

3. Solution:

For Windows Machine Config Operator upgrades, see the following
documentation:

s-node-upgrades.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1945248 - WMCO patch pub-key-hash annotation to Linux node
1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM
1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath
1955319 - Telemetry info not completely available to identify windows nodes
1956412 - WMCO incorrectly shows node as ready after a failed configuration
1963263 - kube-proxy service terminated unexpectedly after recreated LB service

5. JIRA issues fixed (https://issues.redhat.com/):

WINC-623 - Windows Container Support for Red Hat OpenShift 2.0.1 release

6. References:

https://access.redhat.com/security/cve/CVE-2016-10228
https://access.redhat.com/security/cve/CVE-2017-14502
https://access.redhat.com/security/cve/CVE-2019-2708
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2019-9169
https://access.redhat.com/security/cve/CVE-2019-25013
https://access.redhat.com/security/cve/CVE-2020-8231
https://access.redhat.com/security/cve/CVE-2020-8284
https://access.redhat.com/security/cve/CVE-2020-8285
https://access.redhat.com/security/cve/CVE-2020-8286
https://access.redhat.com/security/cve/CVE-2020-8927
https://access.redhat.com/security/cve/CVE-2020-13434
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/cve/CVE-2020-15358
https://access.redhat.com/security/cve/CVE-2020-24977
https://access.redhat.com/security/cve/CVE-2020-27618
https://access.redhat.com/security/cve/CVE-2020-28196
https://access.redhat.com/security/cve/CVE-2020-29361
https://access.redhat.com/security/cve/CVE-2020-29362
https://access.redhat.com/security/cve/CVE-2020-29363
https://access.redhat.com/security/cve/CVE-2021-3326
https://access.redhat.com/security/cve/CVE-2021-3449
https://access.redhat.com/security/cve/CVE-2021-3450
https://access.redhat.com/security/cve/CVE-2021-20305
https://access.redhat.com/security/cve/CVE-2021-25736
https://access.redhat.com/security/cve/CVE-2021-27219
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
