Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat OpenShift 4.8.5 Update RHSA-2021-4845-01 Moderate Threat

red hat
Calendar Grey November 29, 2021
Dist Redhat Esm H88
The latest update for Red Hat OpenShift Container Storage 4.8.5 fixes key vulnerabilities, boosting the security and reliability of the platform.
An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.
Security Fix(es):
* nodejs-ssh2: Command injection by calling vulnerable method with untrusted input (CVE-2020-26301)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)
* Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. (BZ#2015939)
Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.

Topics%20covered

Topics Covered

security advisory security update Red Hat moderate impact command injection OpenShift container storage

References

https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-8037 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-26301 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3796 Read the Full Advisory

Package List


Advisory ID: RHSA-2021:4845-01
Product: Red Hat OpenShift Container Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4845
Issue date: 2021-11-29

Topic

An update is now available for Red Hat OpenShift Container Storage 4.8.5 onRed Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update Red Hat moderate impact command injection OpenShift container storage

Relevant Releases Architectures

Bugs Fixed

1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted

2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here