Alerts This Week
Warning Icon 1 775
Alerts This Week
Warning Icon 1 775

Red Hat OpenShift 4.8.2 Moderate Advisory: Multiple Security Concerns

red hat
Calendar Grey July 27, 2021
Dist Redhat Esm H88
Security notice for Red Hat OpenShift Container Platform 4.8.2, focusing on various defects and moderate level vulnerabilities.
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs

Solution

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

Details on how to access this content are available at - -cli.html

Summary

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2021:2438
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* openshift: Injected service-ca.crt incorrectly contains additional internal CAs (CVE-2021-3636)
* python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS (CVE-2021-21419)
* jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin (CVE-2021-21623)
* jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin (CVE-2021-21648)
* kubernetes: Validating Admission Webhook does not observe some previous fields (CVE-2021-25735)
* jenkins: lack of type validation in agent related REST API (CVE-2021-21639)
* jenkins: view name validation bypass (CVE-2021-21640)
* kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack (CVE-2021-25737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

Topics%20covered

Topics Covered

security advisory moderate security update red hat bug fixes openshift container platform

References

https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat OpenShift Container Platform 4.8:
Source: cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.src.rpm cri-tools-1.21.0-2.el7.src.rpm haproxy-2.2.13-1.el7.src.rpm openshift-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.src.rpm openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.src.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.src.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el7.src.rpm
noarch: openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm
x86_64: cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm cri-tools-1.21.0-2.el7.x86_64.rpm cri-tools-debuginfo-1.21.0-2.el7.x86_64.rpm haproxy-debuginfo-2.2.13-1.el7.x86_64.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.x86_64.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.8:
Source:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:2437-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2437
Issue date: 2021-07-27

Topic

Red Hat OpenShift Container Platform release 4.8.2 is now available withupdates to packages and images that fix several bugs.This release includes a security update for Red Hat OpenShift ContainerPlatform 4.8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security update red hat bug fixes openshift container platform

Relevant Releases Architectures

Red Hat OpenShift Container Platform 4.8 - noarch, ppc64le, s390x, x86_64

Bugs Fixed

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

1937562 - CVE-2021-25735 kubernetes: Validating Admission Webhook does not observe some previous fields

1940489 - CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

1947102 - CVE-2021-21639 jenkins: lack of type validation in agent related REST API

1947105 - CVE-2021-21640 jenkins: view name validation bypass

1954917 - CVE-2021-25737 kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack

1958407 - CVE-2021-21419 python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS

1959545 - CVE-2021-21648 jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin

1978621 - CVE-2021-3636 openshift: Injected service-ca.crt incorrectly contains additional internal CAs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here