Red Hat OpenShift 1.2.0 RHSA-2022:0855-01 Moderate: Container Issues
red hat
March 15, 2022
OpenShift sandboxed containers 1.2.0 is now available
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
Summary
OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.
This advisory contains an update for OpenShift sandboxed containers with
enhancements, security updates, and bug fixes.
Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/sandboxed_containers_support_for_openshift/index
Security Fixes:
* net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* net/http/httputil: panic due to racy read of persistConn after handler
panic (CVE-2021-36221)
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/updates/classification/#moderate
Package List
PREVIOUS
NEXT
Advisory ID: RHSA-2022:0855-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0855
Issue date: 2022-03-14
Topic
OpenShift sandboxed containers 1.2.0 is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.
Topics Covered
Relevant Releases Architectures
Bugs Fixed
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):
KATA-1015 - 1.2: unused sourceImage field in KataConfig is confusing
KATA-1019 - 1.2: annotations state Operator is only supported on OCP 4.8
KATA-1027 - Newer kata-containers shimv2 (from kata-2.2.0 onwards) doesn't work with OCP.
KATA-1118 - Attempt to uninstall while installation is in progress blocks
KATA-1134 - Metrics doesn't work with the latest runtime cgroups improvements and simplifications
KATA-1183 - security warning when creating daemonset for kata-monitor
KATA-1184 - MachineConfigPool kata-oc is not removed with KataConfig CRD is deleted
KATA-1189 - pods for kata-monitor daemonset don't start: SCC issues
KATA-1190 - Operator not reconciling when node labels are changed
KATA-1195 - Error: CreateContainer failed: Permission denied (os error 13): unknown
KATA-1205 - openshift-sandboxed-containers-operator namespace not labelled for kata metrics
KATA-1219 - kata-monitor will forget about a kata pod if an error happens while retrieving the metrics
KATA-1222 - daemonset creation fails with reconciler error
KATA-1224 - wrong channels and default version in internal build
KATA-1225 - upgrade from 1.1.0 to 1.2.0 failed
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!