-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.8.2 packages and security update
Advisory ID:       RHSA-2021:2437-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2437
Issue date:        2021-07-27
CVE Names:         CVE-2021-3114 CVE-2021-3121 CVE-2021-3636 
                   CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 
                   CVE-2021-21640 CVE-2021-21648 CVE-2021-25735 
                   CVE-2021-25737 
====================================================================
1. Summary:

Red Hat OpenShift Container Platform release 4.8.2 is now available with
updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container
Platform 4.8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.8 - noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.8.2. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2021:2438

Security Fix(es):

* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)

* golang: crypto/elliptic: incorrect operations on the P-224 curve
(CVE-2021-3114)

* openshift: Injected service-ca.crt incorrectly contains additional
internal CAs (CVE-2021-3636)

* python-eventlet: improper handling of highly compressed data and memory
allocation with excessive size allows DoS (CVE-2021-21419)

* jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix
Authorization Strategy Plugin (CVE-2021-21623)

* jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials
Plugin (CVE-2021-21648)

* kubernetes: Validating Admission Webhook does not observe some previous
fields (CVE-2021-25735)

* jenkins: lack of type validation in agent related REST API
(CVE-2021-21639)

* jenkins: view name validation bypass (CVE-2021-21640)

* kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
(CVE-2021-25737)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.8 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor

4. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at
- -cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1937562 - CVE-2021-25735 kubernetes: Validating Admission Webhook does not observe some previous fields
1940489 - CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin
1947102 - CVE-2021-21639 jenkins: lack of type validation in agent related REST API
1947105 - CVE-2021-21640 jenkins: view name validation bypass
1954917 - CVE-2021-25737 kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
1958407 - CVE-2021-21419 python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS
1959545 - CVE-2021-21648 jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin
1978621 - CVE-2021-3636 openshift: Injected service-ca.crt incorrectly contains additional internal CAs

6. Package List:

Red Hat OpenShift Container Platform 4.8:

Source:
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.src.rpm
cri-tools-1.21.0-2.el7.src.rpm
haproxy-2.2.13-1.el7.src.rpm
openshift-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.src.rpm
openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.src.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.src.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el7.src.rpm

noarch:
openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm
openshift-ansible-test-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm

x86_64:
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm
cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm
cri-tools-1.21.0-2.el7.x86_64.rpm
cri-tools-debuginfo-1.21.0-2.el7.x86_64.rpm
haproxy-debuginfo-2.2.13-1.el7.x86_64.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm
openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.x86_64.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm
runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.8:

Source:
atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.src.rpm
butane-0.12.1-1.rhaos4.8.el8.src.rpm
console-login-helper-messages-0.20.3-1.rhaos4.8.el8.src.rpm
coreos-installer-0.9.0-6.rhaos4.8.el8.src.rpm
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.src.rpm
cri-tools-1.21.0-2.el8.src.rpm
haproxy-2.2.13-1.el8.src.rpm
ignition-2.9.0-6.rhaos4.8.el8.src.rpm
ironic-images-2021.1-20210614.1.el8.src.rpm
jenkins-2-plugins-4.8.1624022417-1.el8.src.rpm
jenkins-2.289.1.1624020353-1.el8.src.rpm
kata-containers-2.1.0-4.el8.src.rpm
openshift-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.src.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.src.rpm
openshift-kuryr-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.src.rpm
openstack-ironic-17.0.4-0.20210713221218.a415e7e.el8.src.rpm
openstack-ironic-inspector-10.6.1-0.20210406091336.579f59c.el8.src.rpm
openstack-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.src.rpm
openvswitch2.15-2.15.0-9.el8fdp.src.rpm
ostree-2020.7-5.el8_4.src.rpm
ovn2.13-20.12.0-25.el8fdp.src.rpm
podman-3.0.1-6.el8.src.rpm
python-debtcollector-2.2.0-0.20210324220630.649189d.el8.src.rpm
python-eventlet-0.25.2-4.el8.src.rpm
python-hardware-0.27.0-0.20210406121246.756fedb.el8.src.rpm
python-ironic-lib-4.6.2-0.20210608101214.ca2e4ba.el8.src.rpm
python-ironic-prometheus-exporter-2.2.1-0.20210325143713.70e39c8.el8.src.rpm
python-jsonschema-3.2.0-5.el8ost.src.rpm
python-keystoneauth1-4.3.0-0.20210325001456.6a66271.el8.src.rpm
python-kubernetes-12.0.1-1.el8.src.rpm
python-openshift-0.12.1-1.el8.src.rpm
python-openstacksdk-0.53.0-0.20210325011601.4629245.el8.src.rpm
python-oslo-concurrency-4.4.0-0.20210325004915.7dcf9e9.el8.src.rpm
python-oslo-config-8.5.0-0.20210325050501.cfa2564.el8.src.rpm
python-oslo-context-3.2.0-0.20210325043103.0d02866.el8.src.rpm
python-oslo-db-8.5.0-0.20210325041241.503db60.el8.src.rpm
python-oslo-i18n-5.0.1-0.20210324221600.73187bd.el8.src.rpm
python-oslo-log-4.4.0-0.20210409081224.9b29c90.el8.src.rpm
python-oslo-policy-3.7.0-0.20210325051823.d853485.el8.src.rpm
python-oslo-serialization-4.1.0-0.20210325012242.8445e61.el8.src.rpm
python-oslo-service-2.5.0-0.20210325014731.d25e454.el8.src.rpm
python-oslo-upgradecheck-1.3.0-0.20210325003851.9f95a6e.el8.src.rpm
python-oslo-utils-4.8.0-0.20210325043201.3288539.el8.src.rpm
python-pyrsistent-0.16.0-3.el8ost.src.rpm
python-stevedore-3.3.0-0.20210325001012.7d7154f.el8.src.rpm
python-sushy-3.7.1-0.20210428165244.bc49878.el8.src.rpm
python-sushy-oem-idrac-2.0.1-0.20210326152858.83b7eb0.el8.src.rpm
python-tooz-2.8.0-0.20210324235001.54448e9.el8.src.rpm
redhat-release-coreos-48.84-4.el8.src.rpm
rteval-loads-1.4-12.el8.src.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el8.src.rpm
rust-afterburn-5.0.0-1.rhaos4.8.el8.src.rpm
toolbox-0.0.8-3.rhaos4.8.el8.src.rpm

noarch:
console-login-helper-messages-0.20.3-1.rhaos4.8.el8.noarch.rpm
console-login-helper-messages-issuegen-0.20.3-1.rhaos4.8.el8.noarch.rpm
console-login-helper-messages-profile-0.20.3-1.rhaos4.8.el8.noarch.rpm
ironic-images-2021.1-20210614.1.el8.noarch.rpm
ironic-images-all-2021.1-20210614.1.el8.noarch.rpm
ironic-images-ipa-ppc64le-2021.1-20210614.1.el8.noarch.rpm
ironic-images-ipa-x86_64-2021.1-20210614.1.el8.noarch.rpm
jenkins-2-plugins-4.8.1624022417-1.el8.noarch.rpm
jenkins-2.289.1.1624020353-1.el8.noarch.rpm
openshift-kuryr-cni-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm
openshift-kuryr-common-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm
openshift-kuryr-controller-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm
openstack-ironic-api-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm
openstack-ironic-common-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm
openstack-ironic-conductor-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm
openstack-ironic-inspector-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm
openstack-ironic-inspector-api-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm
openstack-ironic-inspector-conductor-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm
openstack-ironic-inspector-dnsmasq-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm
openstack-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.noarch.rpm
podman-docker-3.0.1-6.el8.noarch.rpm
python-oslo-concurrency-lang-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm
python-oslo-db-lang-8.5.0-0.20210325041241.503db60.el8.noarch.rpm
python-oslo-i18n-lang-5.0.1-0.20210324221600.73187bd.el8.noarch.rpm
python-oslo-log-lang-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm
python-oslo-policy-lang-3.7.0-0.20210325051823.d853485.el8.noarch.rpm
python-oslo-utils-lang-4.8.0-0.20210325043201.3288539.el8.noarch.rpm
python3-debtcollector-2.2.0-0.20210324220630.649189d.el8.noarch.rpm
python3-eventlet-0.25.2-4.el8.noarch.rpm
python3-hardware-0.27.0-0.20210406121246.756fedb.el8.noarch.rpm
python3-hardware-detect-0.27.0-0.20210406121246.756fedb.el8.noarch.rpm
python3-ironic-inspector-tests-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm
python3-ironic-lib-4.6.2-0.20210608101214.ca2e4ba.el8.noarch.rpm
python3-ironic-prometheus-exporter-2.2.1-0.20210325143713.70e39c8.el8.noarch.rpm
python3-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.noarch.rpm
python3-ironic-tests-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm
python3-jsonschema-3.2.0-5.el8ost.noarch.rpm
python3-keystoneauth1-4.3.0-0.20210325001456.6a66271.el8.noarch.rpm
python3-kubernetes-12.0.1-1.el8.noarch.rpm
python3-kubernetes-tests-12.0.1-1.el8.noarch.rpm
python3-kuryr-kubernetes-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm
python3-openshift-0.12.1-1.el8.noarch.rpm
python3-openstacksdk-0.53.0-0.20210325011601.4629245.el8.noarch.rpm
python3-openstacksdk-tests-0.53.0-0.20210325011601.4629245.el8.noarch.rpm
python3-oslo-concurrency-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm
python3-oslo-concurrency-tests-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm
python3-oslo-config-8.5.0-0.20210325050501.cfa2564.el8.noarch.rpm
python3-oslo-context-3.2.0-0.20210325043103.0d02866.el8.noarch.rpm
python3-oslo-db-8.5.0-0.20210325041241.503db60.el8.noarch.rpm
python3-oslo-db-tests-8.5.0-0.20210325041241.503db60.el8.noarch.rpm
python3-oslo-i18n-5.0.1-0.20210324221600.73187bd.el8.noarch.rpm
python3-oslo-log-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm
python3-oslo-log-tests-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm
python3-oslo-policy-3.7.0-0.20210325051823.d853485.el8.noarch.rpm
python3-oslo-serialization-4.1.0-0.20210325012242.8445e61.el8.noarch.rpm
python3-oslo-serialization-tests-4.1.0-0.20210325012242.8445e61.el8.noarch.rpm
python3-oslo-service-2.5.0-0.20210325014731.d25e454.el8.noarch.rpm
python3-oslo-service-tests-2.5.0-0.20210325014731.d25e454.el8.noarch.rpm
python3-oslo-upgradecheck-1.3.0-0.20210325003851.9f95a6e.el8.noarch.rpm
python3-oslo-utils-4.8.0-0.20210325043201.3288539.el8.noarch.rpm
python3-oslo-utils-tests-4.8.0-0.20210325043201.3288539.el8.noarch.rpm
python3-stevedore-3.3.0-0.20210325001012.7d7154f.el8.noarch.rpm
python3-sushy-3.7.1-0.20210428165244.bc49878.el8.noarch.rpm
python3-sushy-oem-idrac-2.0.1-0.20210326152858.83b7eb0.el8.noarch.rpm
python3-sushy-oem-idrac-tests-2.0.1-0.20210326152858.83b7eb0.el8.noarch.rpm
python3-sushy-tests-3.7.1-0.20210428165244.bc49878.el8.noarch.rpm
python3-tooz-2.8.0-0.20210324235001.54448e9.el8.noarch.rpm
toolbox-0.0.8-3.rhaos4.8.el8.noarch.rpm

ppc64le:
afterburn-5.0.0-1.rhaos4.8.el8.ppc64le.rpm
afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.ppc64le.rpm
atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.ppc64le.rpm
butane-0.12.1-1.rhaos4.8.el8.ppc64le.rpm
butane-debuginfo-0.12.1-1.rhaos4.8.el8.ppc64le.rpm
coreos-installer-0.9.0-6.rhaos4.8.el8.ppc64le.rpm
coreos-installer-bootinfra-0.9.0-6.rhaos4.8.el8.ppc64le.rpm
coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.ppc64le.rpm
coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.ppc64le.rpm
coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.ppc64le.rpm
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm
cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm
cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm
cri-tools-1.21.0-2.el8.ppc64le.rpm
cri-tools-debuginfo-1.21.0-2.el8.ppc64le.rpm
cri-tools-debugsource-1.21.0-2.el8.ppc64le.rpm
haproxy-debugsource-2.2.13-1.el8.ppc64le.rpm
ignition-2.9.0-6.rhaos4.8.el8.ppc64le.rpm
ignition-debuginfo-2.9.0-6.rhaos4.8.el8.ppc64le.rpm
ignition-debugsource-2.9.0-6.rhaos4.8.el8.ppc64le.rpm
ignition-validate-2.9.0-6.rhaos4.8.el8.ppc64le.rpm
ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.ppc64le.rpm
kata-containers-2.1.0-4.el8.ppc64le.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.ppc64le.rpm
openvswitch2.15-2.15.0-9.el8fdp.ppc64le.rpm
openvswitch2.15-debuginfo-2.15.0-9.el8fdp.ppc64le.rpm
openvswitch2.15-devel-2.15.0-9.el8fdp.ppc64le.rpm
openvswitch2.15-ipsec-2.15.0-9.el8fdp.ppc64le.rpm
ostree-2020.7-5.el8_4.ppc64le.rpm
ostree-debuginfo-2020.7-5.el8_4.ppc64le.rpm
ostree-debugsource-2020.7-5.el8_4.ppc64le.rpm
ostree-devel-2020.7-5.el8_4.ppc64le.rpm
ostree-grub2-2020.7-5.el8_4.ppc64le.rpm
ostree-libs-2020.7-5.el8_4.ppc64le.rpm
ostree-libs-debuginfo-2020.7-5.el8_4.ppc64le.rpm
ovn2.13-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-central-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-central-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-debugsource-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-host-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-host-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-vtep-20.12.0-25.el8fdp.ppc64le.rpm
ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm
podman-3.0.1-6.el8.ppc64le.rpm
podman-catatonit-debuginfo-3.0.1-6.el8.ppc64le.rpm
podman-debuginfo-3.0.1-6.el8.ppc64le.rpm
podman-debugsource-3.0.1-6.el8.ppc64le.rpm
podman-plugins-debuginfo-3.0.1-6.el8.ppc64le.rpm
podman-remote-3.0.1-6.el8.ppc64le.rpm
podman-remote-debuginfo-3.0.1-6.el8.ppc64le.rpm
podman-tests-3.0.1-6.el8.ppc64le.rpm
python3-openvswitch2.15-2.15.0-9.el8fdp.ppc64le.rpm
python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.ppc64le.rpm
python3-pyrsistent-0.16.0-3.el8ost.ppc64le.rpm
python3-pyrsistent-debuginfo-0.16.0-3.el8ost.ppc64le.rpm
redhat-release-coreos-48.84-4.el8.ppc64le.rpm
rteval-loads-1.4-12.el8.ppc64le.rpm
rteval-loads-debugsource-1.4-12.el8.ppc64le.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm
runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm
runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm
rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.ppc64le.rpm
stress-ng-0.12.06-1.el8.ppc64le.rpm
stress-ng-debuginfo-0.12.06-1.el8.ppc64le.rpm

s390x:
afterburn-5.0.0-1.rhaos4.8.el8.s390x.rpm
afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.s390x.rpm
atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.s390x.rpm
butane-0.12.1-1.rhaos4.8.el8.s390x.rpm
butane-debuginfo-0.12.1-1.rhaos4.8.el8.s390x.rpm
coreos-installer-0.9.0-6.rhaos4.8.el8.s390x.rpm
coreos-installer-bootinfra-0.9.0-6.rhaos4.8.el8.s390x.rpm
coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.s390x.rpm
coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.s390x.rpm
coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.s390x.rpm
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm
cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm
cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm
cri-tools-1.21.0-2.el8.s390x.rpm
cri-tools-debuginfo-1.21.0-2.el8.s390x.rpm
cri-tools-debugsource-1.21.0-2.el8.s390x.rpm
haproxy-debugsource-2.2.13-1.el8.s390x.rpm
ignition-2.9.0-6.rhaos4.8.el8.s390x.rpm
ignition-debuginfo-2.9.0-6.rhaos4.8.el8.s390x.rpm
ignition-debugsource-2.9.0-6.rhaos4.8.el8.s390x.rpm
ignition-validate-2.9.0-6.rhaos4.8.el8.s390x.rpm
ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.s390x.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.s390x.rpm
openvswitch2.15-2.15.0-9.el8fdp.s390x.rpm
openvswitch2.15-debuginfo-2.15.0-9.el8fdp.s390x.rpm
openvswitch2.15-devel-2.15.0-9.el8fdp.s390x.rpm
openvswitch2.15-ipsec-2.15.0-9.el8fdp.s390x.rpm
ostree-2020.7-5.el8_4.s390x.rpm
ostree-debuginfo-2020.7-5.el8_4.s390x.rpm
ostree-debugsource-2020.7-5.el8_4.s390x.rpm
ostree-devel-2020.7-5.el8_4.s390x.rpm
ostree-libs-2020.7-5.el8_4.s390x.rpm
ostree-libs-debuginfo-2020.7-5.el8_4.s390x.rpm
ovn2.13-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-central-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-central-debuginfo-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-debuginfo-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-debugsource-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-host-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-host-debuginfo-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-vtep-20.12.0-25.el8fdp.s390x.rpm
ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.s390x.rpm
podman-3.0.1-6.el8.s390x.rpm
podman-catatonit-debuginfo-3.0.1-6.el8.s390x.rpm
podman-debuginfo-3.0.1-6.el8.s390x.rpm
podman-debugsource-3.0.1-6.el8.s390x.rpm
podman-plugins-debuginfo-3.0.1-6.el8.s390x.rpm
podman-remote-3.0.1-6.el8.s390x.rpm
podman-remote-debuginfo-3.0.1-6.el8.s390x.rpm
podman-tests-3.0.1-6.el8.s390x.rpm
python3-openvswitch2.15-2.15.0-9.el8fdp.s390x.rpm
python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.s390x.rpm
python3-pyrsistent-0.16.0-3.el8ost.s390x.rpm
python3-pyrsistent-debuginfo-0.16.0-3.el8ost.s390x.rpm
redhat-release-coreos-48.84-4.el8.s390x.rpm
rteval-loads-1.4-12.el8.s390x.rpm
rteval-loads-debugsource-1.4-12.el8.s390x.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm
runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm
runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm
rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.s390x.rpm
stress-ng-0.12.06-1.el8.s390x.rpm
stress-ng-debuginfo-0.12.06-1.el8.s390x.rpm

x86_64:
afterburn-5.0.0-1.rhaos4.8.el8.x86_64.rpm
afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.x86_64.rpm
atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.x86_64.rpm
butane-0.12.1-1.rhaos4.8.el8.x86_64.rpm
butane-debuginfo-0.12.1-1.rhaos4.8.el8.x86_64.rpm
coreos-installer-0.9.0-6.rhaos4.8.el8.x86_64.rpm
coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.x86_64.rpm
coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.x86_64.rpm
coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.x86_64.rpm
cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm
cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm
cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm
cri-tools-1.21.0-2.el8.x86_64.rpm
cri-tools-debuginfo-1.21.0-2.el8.x86_64.rpm
cri-tools-debugsource-1.21.0-2.el8.x86_64.rpm
haproxy-debugsource-2.2.13-1.el8.x86_64.rpm
ignition-2.9.0-6.rhaos4.8.el8.x86_64.rpm
ignition-debuginfo-2.9.0-6.rhaos4.8.el8.x86_64.rpm
ignition-debugsource-2.9.0-6.rhaos4.8.el8.x86_64.rpm
ignition-validate-2.9.0-6.rhaos4.8.el8.x86_64.rpm
ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.x86_64.rpm
kata-containers-2.1.0-4.el8.x86_64.rpm
openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.x86_64.rpm
openvswitch2.15-2.15.0-9.el8fdp.x86_64.rpm
openvswitch2.15-debuginfo-2.15.0-9.el8fdp.x86_64.rpm
openvswitch2.15-devel-2.15.0-9.el8fdp.x86_64.rpm
openvswitch2.15-ipsec-2.15.0-9.el8fdp.x86_64.rpm
ostree-2020.7-5.el8_4.x86_64.rpm
ostree-debuginfo-2020.7-5.el8_4.x86_64.rpm
ostree-debugsource-2020.7-5.el8_4.x86_64.rpm
ostree-devel-2020.7-5.el8_4.x86_64.rpm
ostree-grub2-2020.7-5.el8_4.x86_64.rpm
ostree-libs-2020.7-5.el8_4.x86_64.rpm
ostree-libs-debuginfo-2020.7-5.el8_4.x86_64.rpm
ovn2.13-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-central-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-central-debuginfo-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-debuginfo-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-debugsource-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-host-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-host-debuginfo-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-vtep-20.12.0-25.el8fdp.x86_64.rpm
ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.x86_64.rpm
podman-3.0.1-6.el8.x86_64.rpm
podman-catatonit-debuginfo-3.0.1-6.el8.x86_64.rpm
podman-debuginfo-3.0.1-6.el8.x86_64.rpm
podman-debugsource-3.0.1-6.el8.x86_64.rpm
podman-plugins-debuginfo-3.0.1-6.el8.x86_64.rpm
podman-remote-3.0.1-6.el8.x86_64.rpm
podman-remote-debuginfo-3.0.1-6.el8.x86_64.rpm
podman-tests-3.0.1-6.el8.x86_64.rpm
python3-openvswitch2.15-2.15.0-9.el8fdp.x86_64.rpm
python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.x86_64.rpm
python3-pyrsistent-0.16.0-3.el8ost.x86_64.rpm
python3-pyrsistent-debuginfo-0.16.0-3.el8ost.x86_64.rpm
redhat-release-coreos-48.84-4.el8.x86_64.rpm
rteval-loads-1.4-12.el8.x86_64.rpm
rteval-loads-debugsource-1.4-12.el8.x86_64.rpm
runc-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm
runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm
runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm
rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.x86_64.rpm
stress-ng-0.12.06-1.el8.x86_64.rpm
stress-ng-debuginfo-0.12.06-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3636
https://access.redhat.com/security/cve/CVE-2021-21419
https://access.redhat.com/security/cve/CVE-2021-21623
https://access.redhat.com/security/cve/CVE-2021-21639
https://access.redhat.com/security/cve/CVE-2021-21640
https://access.redhat.com/security/cve/CVE-2021-21648
https://access.redhat.com/security/cve/CVE-2021-25735
https://access.redhat.com/security/cve/CVE-2021-25737
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYQCN2tzjgjWX9erEAQjA2g/9EpxH6YUEaqL5/eTYDmWHRKp/ELYMxoIz
S5LpAZ696LlLf9QuTaC3Cbtn/MKrz9WXLWC1YsuohDx8kRfdaUfOXSECJ9RyD3qE
0o3GyrQ6IoORaYo19UO0RBljOe9cGvifvcZORgUjBvxDSsu7PcWI7M3dWgib15Ty
2LqL1878t/yQFr9xamtyGx6XuQ6SseOANwYSVw11oIgNtajzyeNY5NQWidzyc0Ip
RUXB5FELBfHmP2zZf90Ebtejv82mVQZR4o9X0RSrrn+HomnBMZcVAFWjJwQFR4ht
MobMQCEfzaZQ4I8RWONaC1XlGJWHkz11Rw3QNgPWtjBKmxg/Rpy8gnMoWavK/lPV
LB/rXFbunteONYW1zwtxrDPiKYvy7eQWY8TbyIJwZHHnUfLMqA96RcXcHcAq/1j5
GnruZVbMhGOMX563RgPudeXNVp5fkChMZrFkpmEwXUQMRpTK4nHyIomJzG9Sbwpy
Cg6Yw65svd+UIrwnoaVzct1ZbYalPlrNWqppdT4PHvml3utzAw8qjMluSK/p9rxF
mVtTjc6LTAw3nXLh09yPM1Y6uip7C0FbEp+RgwJls+PbDRia6sidgHK1noJzB6Td
5F3ZQCDxm5C1qO0T97rMSLRMldpJR897Qx6zzvzly+0HT7qreQ9tYCMVfSCwOIDz
N8elIrUEAZ4=GXi4
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-2437:01 Moderate: OpenShift Container Platform 4.8.2

Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs

Summary

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2021:2438
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* openshift: Injected service-ca.crt incorrectly contains additional internal CAs (CVE-2021-3636)
* python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS (CVE-2021-21419)
* jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin (CVE-2021-21623)
* jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin (CVE-2021-21648)
* kubernetes: Validating Admission Webhook does not observe some previous fields (CVE-2021-25735)
* jenkins: lack of type validation in agent related REST API (CVE-2021-21639)
* jenkins: view name validation bypass (CVE-2021-21640)
* kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack (CVE-2021-25737)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor



Summary


Solution

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
Details on how to access this content are available at - -cli.html

References

https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat OpenShift Container Platform 4.8:
Source: cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.src.rpm cri-tools-1.21.0-2.el7.src.rpm haproxy-2.2.13-1.el7.src.rpm openshift-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.src.rpm openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.src.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.src.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el7.src.rpm
noarch: openshift-ansible-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm openshift-ansible-test-4.8.0-202106281541.p0.git.626f7a3.assembly.stream.el7.noarch.rpm
x86_64: cri-o-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el7.x86_64.rpm cri-tools-1.21.0-2.el7.x86_64.rpm cri-tools-debuginfo-1.21.0-2.el7.x86_64.rpm haproxy-debuginfo-2.2.13-1.el7.x86_64.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm openshift-clients-redistributable-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el7.x86_64.rpm openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7.x86_64.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.8:
Source: atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.src.rpm butane-0.12.1-1.rhaos4.8.el8.src.rpm console-login-helper-messages-0.20.3-1.rhaos4.8.el8.src.rpm coreos-installer-0.9.0-6.rhaos4.8.el8.src.rpm cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.src.rpm cri-tools-1.21.0-2.el8.src.rpm haproxy-2.2.13-1.el8.src.rpm ignition-2.9.0-6.rhaos4.8.el8.src.rpm ironic-images-2021.1-20210614.1.el8.src.rpm jenkins-2-plugins-4.8.1624022417-1.el8.src.rpm jenkins-2.289.1.1624020353-1.el8.src.rpm kata-containers-2.1.0-4.el8.src.rpm openshift-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.src.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.src.rpm openshift-kuryr-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.src.rpm openstack-ironic-17.0.4-0.20210713221218.a415e7e.el8.src.rpm openstack-ironic-inspector-10.6.1-0.20210406091336.579f59c.el8.src.rpm openstack-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.src.rpm openvswitch2.15-2.15.0-9.el8fdp.src.rpm ostree-2020.7-5.el8_4.src.rpm ovn2.13-20.12.0-25.el8fdp.src.rpm podman-3.0.1-6.el8.src.rpm python-debtcollector-2.2.0-0.20210324220630.649189d.el8.src.rpm python-eventlet-0.25.2-4.el8.src.rpm python-hardware-0.27.0-0.20210406121246.756fedb.el8.src.rpm python-ironic-lib-4.6.2-0.20210608101214.ca2e4ba.el8.src.rpm python-ironic-prometheus-exporter-2.2.1-0.20210325143713.70e39c8.el8.src.rpm python-jsonschema-3.2.0-5.el8ost.src.rpm python-keystoneauth1-4.3.0-0.20210325001456.6a66271.el8.src.rpm python-kubernetes-12.0.1-1.el8.src.rpm python-openshift-0.12.1-1.el8.src.rpm python-openstacksdk-0.53.0-0.20210325011601.4629245.el8.src.rpm python-oslo-concurrency-4.4.0-0.20210325004915.7dcf9e9.el8.src.rpm python-oslo-config-8.5.0-0.20210325050501.cfa2564.el8.src.rpm python-oslo-context-3.2.0-0.20210325043103.0d02866.el8.src.rpm python-oslo-db-8.5.0-0.20210325041241.503db60.el8.src.rpm python-oslo-i18n-5.0.1-0.20210324221600.73187bd.el8.src.rpm python-oslo-log-4.4.0-0.20210409081224.9b29c90.el8.src.rpm python-oslo-policy-3.7.0-0.20210325051823.d853485.el8.src.rpm python-oslo-serialization-4.1.0-0.20210325012242.8445e61.el8.src.rpm python-oslo-service-2.5.0-0.20210325014731.d25e454.el8.src.rpm python-oslo-upgradecheck-1.3.0-0.20210325003851.9f95a6e.el8.src.rpm python-oslo-utils-4.8.0-0.20210325043201.3288539.el8.src.rpm python-pyrsistent-0.16.0-3.el8ost.src.rpm python-stevedore-3.3.0-0.20210325001012.7d7154f.el8.src.rpm python-sushy-3.7.1-0.20210428165244.bc49878.el8.src.rpm python-sushy-oem-idrac-2.0.1-0.20210326152858.83b7eb0.el8.src.rpm python-tooz-2.8.0-0.20210324235001.54448e9.el8.src.rpm redhat-release-coreos-48.84-4.el8.src.rpm rteval-loads-1.4-12.el8.src.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el8.src.rpm rust-afterburn-5.0.0-1.rhaos4.8.el8.src.rpm toolbox-0.0.8-3.rhaos4.8.el8.src.rpm
noarch: console-login-helper-messages-0.20.3-1.rhaos4.8.el8.noarch.rpm console-login-helper-messages-issuegen-0.20.3-1.rhaos4.8.el8.noarch.rpm console-login-helper-messages-profile-0.20.3-1.rhaos4.8.el8.noarch.rpm ironic-images-2021.1-20210614.1.el8.noarch.rpm ironic-images-all-2021.1-20210614.1.el8.noarch.rpm ironic-images-ipa-ppc64le-2021.1-20210614.1.el8.noarch.rpm ironic-images-ipa-x86_64-2021.1-20210614.1.el8.noarch.rpm jenkins-2-plugins-4.8.1624022417-1.el8.noarch.rpm jenkins-2.289.1.1624020353-1.el8.noarch.rpm openshift-kuryr-cni-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm openstack-ironic-api-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm openstack-ironic-common-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm openstack-ironic-conductor-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm openstack-ironic-inspector-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm openstack-ironic-inspector-api-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm openstack-ironic-inspector-conductor-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm openstack-ironic-inspector-dnsmasq-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm openstack-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.noarch.rpm podman-docker-3.0.1-6.el8.noarch.rpm python-oslo-concurrency-lang-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm python-oslo-db-lang-8.5.0-0.20210325041241.503db60.el8.noarch.rpm python-oslo-i18n-lang-5.0.1-0.20210324221600.73187bd.el8.noarch.rpm python-oslo-log-lang-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm python-oslo-policy-lang-3.7.0-0.20210325051823.d853485.el8.noarch.rpm python-oslo-utils-lang-4.8.0-0.20210325043201.3288539.el8.noarch.rpm python3-debtcollector-2.2.0-0.20210324220630.649189d.el8.noarch.rpm python3-eventlet-0.25.2-4.el8.noarch.rpm python3-hardware-0.27.0-0.20210406121246.756fedb.el8.noarch.rpm python3-hardware-detect-0.27.0-0.20210406121246.756fedb.el8.noarch.rpm python3-ironic-inspector-tests-10.6.1-0.20210406091336.579f59c.el8.noarch.rpm python3-ironic-lib-4.6.2-0.20210608101214.ca2e4ba.el8.noarch.rpm python3-ironic-prometheus-exporter-2.2.1-0.20210325143713.70e39c8.el8.noarch.rpm python3-ironic-python-agent-7.0.2-0.20210611153100.bfa97cb.el8.noarch.rpm python3-ironic-tests-17.0.4-0.20210713221218.a415e7e.el8.noarch.rpm python3-jsonschema-3.2.0-5.el8ost.noarch.rpm python3-keystoneauth1-4.3.0-0.20210325001456.6a66271.el8.noarch.rpm python3-kubernetes-12.0.1-1.el8.noarch.rpm python3-kubernetes-tests-12.0.1-1.el8.noarch.rpm python3-kuryr-kubernetes-4.8.0-202106281541.p0.git.8a4c2d8.assembly.stream.el8.noarch.rpm python3-openshift-0.12.1-1.el8.noarch.rpm python3-openstacksdk-0.53.0-0.20210325011601.4629245.el8.noarch.rpm python3-openstacksdk-tests-0.53.0-0.20210325011601.4629245.el8.noarch.rpm python3-oslo-concurrency-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm python3-oslo-concurrency-tests-4.4.0-0.20210325004915.7dcf9e9.el8.noarch.rpm python3-oslo-config-8.5.0-0.20210325050501.cfa2564.el8.noarch.rpm python3-oslo-context-3.2.0-0.20210325043103.0d02866.el8.noarch.rpm python3-oslo-db-8.5.0-0.20210325041241.503db60.el8.noarch.rpm python3-oslo-db-tests-8.5.0-0.20210325041241.503db60.el8.noarch.rpm python3-oslo-i18n-5.0.1-0.20210324221600.73187bd.el8.noarch.rpm python3-oslo-log-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm python3-oslo-log-tests-4.4.0-0.20210409081224.9b29c90.el8.noarch.rpm python3-oslo-policy-3.7.0-0.20210325051823.d853485.el8.noarch.rpm python3-oslo-serialization-4.1.0-0.20210325012242.8445e61.el8.noarch.rpm python3-oslo-serialization-tests-4.1.0-0.20210325012242.8445e61.el8.noarch.rpm python3-oslo-service-2.5.0-0.20210325014731.d25e454.el8.noarch.rpm python3-oslo-service-tests-2.5.0-0.20210325014731.d25e454.el8.noarch.rpm python3-oslo-upgradecheck-1.3.0-0.20210325003851.9f95a6e.el8.noarch.rpm python3-oslo-utils-4.8.0-0.20210325043201.3288539.el8.noarch.rpm python3-oslo-utils-tests-4.8.0-0.20210325043201.3288539.el8.noarch.rpm python3-stevedore-3.3.0-0.20210325001012.7d7154f.el8.noarch.rpm python3-sushy-3.7.1-0.20210428165244.bc49878.el8.noarch.rpm python3-sushy-oem-idrac-2.0.1-0.20210326152858.83b7eb0.el8.noarch.rpm python3-sushy-oem-idrac-tests-2.0.1-0.20210326152858.83b7eb0.el8.noarch.rpm python3-sushy-tests-3.7.1-0.20210428165244.bc49878.el8.noarch.rpm python3-tooz-2.8.0-0.20210324235001.54448e9.el8.noarch.rpm toolbox-0.0.8-3.rhaos4.8.el8.noarch.rpm
ppc64le: afterburn-5.0.0-1.rhaos4.8.el8.ppc64le.rpm afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.ppc64le.rpm atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.ppc64le.rpm butane-0.12.1-1.rhaos4.8.el8.ppc64le.rpm butane-debuginfo-0.12.1-1.rhaos4.8.el8.ppc64le.rpm coreos-installer-0.9.0-6.rhaos4.8.el8.ppc64le.rpm coreos-installer-bootinfra-0.9.0-6.rhaos4.8.el8.ppc64le.rpm coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.ppc64le.rpm coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.ppc64le.rpm coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.ppc64le.rpm cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.ppc64le.rpm cri-tools-1.21.0-2.el8.ppc64le.rpm cri-tools-debuginfo-1.21.0-2.el8.ppc64le.rpm cri-tools-debugsource-1.21.0-2.el8.ppc64le.rpm haproxy-debugsource-2.2.13-1.el8.ppc64le.rpm ignition-2.9.0-6.rhaos4.8.el8.ppc64le.rpm ignition-debuginfo-2.9.0-6.rhaos4.8.el8.ppc64le.rpm ignition-debugsource-2.9.0-6.rhaos4.8.el8.ppc64le.rpm ignition-validate-2.9.0-6.rhaos4.8.el8.ppc64le.rpm ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.ppc64le.rpm kata-containers-2.1.0-4.el8.ppc64le.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.ppc64le.rpm openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.ppc64le.rpm openvswitch2.15-2.15.0-9.el8fdp.ppc64le.rpm openvswitch2.15-debuginfo-2.15.0-9.el8fdp.ppc64le.rpm openvswitch2.15-devel-2.15.0-9.el8fdp.ppc64le.rpm openvswitch2.15-ipsec-2.15.0-9.el8fdp.ppc64le.rpm ostree-2020.7-5.el8_4.ppc64le.rpm ostree-debuginfo-2020.7-5.el8_4.ppc64le.rpm ostree-debugsource-2020.7-5.el8_4.ppc64le.rpm ostree-devel-2020.7-5.el8_4.ppc64le.rpm ostree-grub2-2020.7-5.el8_4.ppc64le.rpm ostree-libs-2020.7-5.el8_4.ppc64le.rpm ostree-libs-debuginfo-2020.7-5.el8_4.ppc64le.rpm ovn2.13-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-central-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-central-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-debugsource-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-host-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-host-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-vtep-20.12.0-25.el8fdp.ppc64le.rpm ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.ppc64le.rpm podman-3.0.1-6.el8.ppc64le.rpm podman-catatonit-debuginfo-3.0.1-6.el8.ppc64le.rpm podman-debuginfo-3.0.1-6.el8.ppc64le.rpm podman-debugsource-3.0.1-6.el8.ppc64le.rpm podman-plugins-debuginfo-3.0.1-6.el8.ppc64le.rpm podman-remote-3.0.1-6.el8.ppc64le.rpm podman-remote-debuginfo-3.0.1-6.el8.ppc64le.rpm podman-tests-3.0.1-6.el8.ppc64le.rpm python3-openvswitch2.15-2.15.0-9.el8fdp.ppc64le.rpm python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.ppc64le.rpm python3-pyrsistent-0.16.0-3.el8ost.ppc64le.rpm python3-pyrsistent-debuginfo-0.16.0-3.el8ost.ppc64le.rpm redhat-release-coreos-48.84-4.el8.ppc64le.rpm rteval-loads-1.4-12.el8.ppc64le.rpm rteval-loads-debugsource-1.4-12.el8.ppc64le.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.ppc64le.rpm rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.ppc64le.rpm stress-ng-0.12.06-1.el8.ppc64le.rpm stress-ng-debuginfo-0.12.06-1.el8.ppc64le.rpm
s390x: afterburn-5.0.0-1.rhaos4.8.el8.s390x.rpm afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.s390x.rpm atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.s390x.rpm butane-0.12.1-1.rhaos4.8.el8.s390x.rpm butane-debuginfo-0.12.1-1.rhaos4.8.el8.s390x.rpm coreos-installer-0.9.0-6.rhaos4.8.el8.s390x.rpm coreos-installer-bootinfra-0.9.0-6.rhaos4.8.el8.s390x.rpm coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.s390x.rpm coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.s390x.rpm coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.s390x.rpm cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.s390x.rpm cri-tools-1.21.0-2.el8.s390x.rpm cri-tools-debuginfo-1.21.0-2.el8.s390x.rpm cri-tools-debugsource-1.21.0-2.el8.s390x.rpm haproxy-debugsource-2.2.13-1.el8.s390x.rpm ignition-2.9.0-6.rhaos4.8.el8.s390x.rpm ignition-debuginfo-2.9.0-6.rhaos4.8.el8.s390x.rpm ignition-debugsource-2.9.0-6.rhaos4.8.el8.s390x.rpm ignition-validate-2.9.0-6.rhaos4.8.el8.s390x.rpm ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.s390x.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.s390x.rpm openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.s390x.rpm openvswitch2.15-2.15.0-9.el8fdp.s390x.rpm openvswitch2.15-debuginfo-2.15.0-9.el8fdp.s390x.rpm openvswitch2.15-devel-2.15.0-9.el8fdp.s390x.rpm openvswitch2.15-ipsec-2.15.0-9.el8fdp.s390x.rpm ostree-2020.7-5.el8_4.s390x.rpm ostree-debuginfo-2020.7-5.el8_4.s390x.rpm ostree-debugsource-2020.7-5.el8_4.s390x.rpm ostree-devel-2020.7-5.el8_4.s390x.rpm ostree-libs-2020.7-5.el8_4.s390x.rpm ostree-libs-debuginfo-2020.7-5.el8_4.s390x.rpm ovn2.13-20.12.0-25.el8fdp.s390x.rpm ovn2.13-central-20.12.0-25.el8fdp.s390x.rpm ovn2.13-central-debuginfo-20.12.0-25.el8fdp.s390x.rpm ovn2.13-debuginfo-20.12.0-25.el8fdp.s390x.rpm ovn2.13-debugsource-20.12.0-25.el8fdp.s390x.rpm ovn2.13-host-20.12.0-25.el8fdp.s390x.rpm ovn2.13-host-debuginfo-20.12.0-25.el8fdp.s390x.rpm ovn2.13-vtep-20.12.0-25.el8fdp.s390x.rpm ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.s390x.rpm podman-3.0.1-6.el8.s390x.rpm podman-catatonit-debuginfo-3.0.1-6.el8.s390x.rpm podman-debuginfo-3.0.1-6.el8.s390x.rpm podman-debugsource-3.0.1-6.el8.s390x.rpm podman-plugins-debuginfo-3.0.1-6.el8.s390x.rpm podman-remote-3.0.1-6.el8.s390x.rpm podman-remote-debuginfo-3.0.1-6.el8.s390x.rpm podman-tests-3.0.1-6.el8.s390x.rpm python3-openvswitch2.15-2.15.0-9.el8fdp.s390x.rpm python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.s390x.rpm python3-pyrsistent-0.16.0-3.el8ost.s390x.rpm python3-pyrsistent-debuginfo-0.16.0-3.el8ost.s390x.rpm redhat-release-coreos-48.84-4.el8.s390x.rpm rteval-loads-1.4-12.el8.s390x.rpm rteval-loads-debugsource-1.4-12.el8.s390x.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.s390x.rpm rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.s390x.rpm stress-ng-0.12.06-1.el8.s390x.rpm stress-ng-debuginfo-0.12.06-1.el8.s390x.rpm
x86_64: afterburn-5.0.0-1.rhaos4.8.el8.x86_64.rpm afterburn-debuginfo-5.0.0-1.rhaos4.8.el8.x86_64.rpm atomic-openshift-service-idler-4.8.0-202106281541.p0.git.39cfc66.assembly.stream.el8.x86_64.rpm butane-0.12.1-1.rhaos4.8.el8.x86_64.rpm butane-debuginfo-0.12.1-1.rhaos4.8.el8.x86_64.rpm coreos-installer-0.9.0-6.rhaos4.8.el8.x86_64.rpm coreos-installer-bootinfra-debuginfo-0.9.0-6.rhaos4.8.el8.x86_64.rpm coreos-installer-debuginfo-0.9.0-6.rhaos4.8.el8.x86_64.rpm coreos-installer-debugsource-0.9.0-6.rhaos4.8.el8.x86_64.rpm cri-o-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm cri-o-debuginfo-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm cri-o-debugsource-1.21.2-5.rhaos4.8.gitb27d974.el8.x86_64.rpm cri-tools-1.21.0-2.el8.x86_64.rpm cri-tools-debuginfo-1.21.0-2.el8.x86_64.rpm cri-tools-debugsource-1.21.0-2.el8.x86_64.rpm haproxy-debugsource-2.2.13-1.el8.x86_64.rpm ignition-2.9.0-6.rhaos4.8.el8.x86_64.rpm ignition-debuginfo-2.9.0-6.rhaos4.8.el8.x86_64.rpm ignition-debugsource-2.9.0-6.rhaos4.8.el8.x86_64.rpm ignition-validate-2.9.0-6.rhaos4.8.el8.x86_64.rpm ignition-validate-debuginfo-2.9.0-6.rhaos4.8.el8.x86_64.rpm kata-containers-2.1.0-4.el8.x86_64.rpm openshift-clients-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.x86_64.rpm openshift-clients-redistributable-4.8.0-202106281541.p0.git.1077b05.assembly.stream.el8.x86_64.rpm openshift-hyperkube-4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8.x86_64.rpm openvswitch2.15-2.15.0-9.el8fdp.x86_64.rpm openvswitch2.15-debuginfo-2.15.0-9.el8fdp.x86_64.rpm openvswitch2.15-devel-2.15.0-9.el8fdp.x86_64.rpm openvswitch2.15-ipsec-2.15.0-9.el8fdp.x86_64.rpm ostree-2020.7-5.el8_4.x86_64.rpm ostree-debuginfo-2020.7-5.el8_4.x86_64.rpm ostree-debugsource-2020.7-5.el8_4.x86_64.rpm ostree-devel-2020.7-5.el8_4.x86_64.rpm ostree-grub2-2020.7-5.el8_4.x86_64.rpm ostree-libs-2020.7-5.el8_4.x86_64.rpm ostree-libs-debuginfo-2020.7-5.el8_4.x86_64.rpm ovn2.13-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-central-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-central-debuginfo-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-debuginfo-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-debugsource-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-host-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-host-debuginfo-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-vtep-20.12.0-25.el8fdp.x86_64.rpm ovn2.13-vtep-debuginfo-20.12.0-25.el8fdp.x86_64.rpm podman-3.0.1-6.el8.x86_64.rpm podman-catatonit-debuginfo-3.0.1-6.el8.x86_64.rpm podman-debuginfo-3.0.1-6.el8.x86_64.rpm podman-debugsource-3.0.1-6.el8.x86_64.rpm podman-plugins-debuginfo-3.0.1-6.el8.x86_64.rpm podman-remote-3.0.1-6.el8.x86_64.rpm podman-remote-debuginfo-3.0.1-6.el8.x86_64.rpm podman-tests-3.0.1-6.el8.x86_64.rpm python3-openvswitch2.15-2.15.0-9.el8fdp.x86_64.rpm python3-openvswitch2.15-debuginfo-2.15.0-9.el8fdp.x86_64.rpm python3-pyrsistent-0.16.0-3.el8ost.x86_64.rpm python3-pyrsistent-debuginfo-0.16.0-3.el8ost.x86_64.rpm redhat-release-coreos-48.84-4.el8.x86_64.rpm rteval-loads-1.4-12.el8.x86_64.rpm rteval-loads-debugsource-1.4-12.el8.x86_64.rpm runc-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm runc-debuginfo-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm runc-debugsource-1.0.0-98.rhaos4.8.gitcd80260.el8.x86_64.rpm rust-afterburn-debugsource-5.0.0-1.rhaos4.8.el8.x86_64.rpm stress-ng-0.12.06-1.el8.x86_64.rpm stress-ng-debuginfo-0.12.06-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2021:2437-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2437
Issued Date: : 2021-07-27
CVE Names: CVE-2021-3114 CVE-2021-3121 CVE-2021-3636 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-25735 CVE-2021-25737

Topic

Red Hat OpenShift Container Platform release 4.8.2 is now available withupdates to packages and images that fix several bugs.This release includes a security update for Red Hat OpenShift ContainerPlatform 4.8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat OpenShift Container Platform 4.8 - noarch, ppc64le, s390x, x86_64


Bugs Fixed

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

1937562 - CVE-2021-25735 kubernetes: Validating Admission Webhook does not observe some previous fields

1940489 - CVE-2021-21623 jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

1947102 - CVE-2021-21639 jenkins: lack of type validation in agent related REST API

1947105 - CVE-2021-21640 jenkins: view name validation bypass

1954917 - CVE-2021-25737 kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack

1958407 - CVE-2021-21419 python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS

1959545 - CVE-2021-21648 jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin

1978621 - CVE-2021-3636 openshift: Injected service-ca.crt incorrectly contains additional internal CAs


Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved