
Red Hat OpenShift: RHSA-2022:0577-01 Moderate Update for Windows Containers

Red Hat
March 28, 2022
Critical patches and enhancements have now been added to the security advisory for Windows Container Support in Red Hat OpenShift.
The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available.

Solution

For Windows Machine Config Operator upgrades, see the following documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/windows_container_support_for_openshift/windows-node-upgrades

Summary

Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2020-28851
https://access.redhat.com/security/cve/CVE-2020-28852
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-31525
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2022:0577-01
Product: Red Hat OpenShift Enterprise
Issue date: 2022-03-28

Topic

The components for Windows Container Support for Red Hat OpenShift 5.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic

1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names

1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

1990573 - Username annotation error when byoh Windows have uppercase hostname

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet

1992841 - Deleting Machine Node object throws reconciliation error after WMCO restart

1994859 - Windows Containers on Windows Nodes get assigned the DNS Server IP “172.30.0.10”, which is wrong, if the default kubernetes subnet is not used

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
