
Red Hat OpenShift 4.10.2 RHSA-2022-5026 Moderate Security Advisory

Red Hat
June 14, 2022
The recent Red Hat OpenShift Virtualization release 4.10.2 includes several improvements and crucial fixes that mitigate moderate security vulnerabilities.
Red Hat OpenShift Virtualization release 4.10.2 is now available with updates to packages and images that fix several bugs and add enhancements.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

This advisory contains the following OpenShift Virtualization 4.10.2 images:
RHEL-8-CNV-4.10
==============
virt-artifacts-server-container-v4.10.2-1
kubevirt-template-validator-container-v4.10.2-1
virtio-win-container-v4.10.2-1
node-maintenance-operator-container-v4.10.2-1
hostpath-provisioner-operator-container-v4.10.2-1
virt-handler-container-v4.10.2-1
libguestfs-tools-container-v4.10.2-1
hostpath-csi-driver-container-v4.10.2-1
virt-operator-container-v4.10.2-1
virt-launcher-container-v4.10.2-1
hostpath-provisioner-container-v4.10.2-1
virt-api-container-v4.10.2-1
virt-controller-container-v4.10.2-1
cnv-must-gather-container-v4.10.2-2
kubernetes-nmstate-handler-container-v4.10.2-3
bridge-marker-container-v4.10.2-3
virt-cdi-uploadproxy-container-v4.10.2-3
virt-cdi-uploadserver-container-v4.10.2-3
ovs-cni-marker-container-v4.10.2-3
virt-cdi-operator-container-v4.10.2-3
ovs-cni-plugin-container-v4.10.2-3
kubemacpool-container-v4.10.2-3
virt-cdi-controller-container-v4.10.2-3
kubevirt-ssp-operator-container-v4.10.2-4
cnv-containernetworking-plugins-container-v4.10.2-3
cluster-network-addons-operator-container-v4.10.2-3
virt-cdi-apiserver-container-v4.10.2-3
hyperconverged-cluster-operator-container-v4.10.2-2
hyperconverged-cluster-webhook-container-v4.10.2-2
virt-cdi-cloner-container-v4.10.2-3
virt-cdi-importer-container-v4.10.2-3
hco-bundle-registry-container-v4.10.2-10
Security Fix(es):
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2022:5026-01
Product: cnv
Issue date: 2022-06-14

Topic

Red Hat OpenShift Virtualization release 4.10.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2016290 - [Warm] Warm Migration Fails and reporting ambiguous status.

2033346 - [cnv-4.10] Add vm name label to virt-launcher pods

2037605 - Openshift Virtualization alert 50% of the hyperconverged-cluster-operator-metrics/hyperconverged-cluster-operator-metrics targets in openshift-cnv namespace have been unreachable for more than 15 minutes on port 8686

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

2074384 - SAP HANA template - template should be moved to https://github.com/RHsyseng/cnv-supplemental-templates

2080453 - [4.10.z] cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image

2080918 - Upgrade CNV from 4.10.1 to 4.11 should be blocked if CNV k8s-nmstate is still installed

2083594 - virtctl guestfs incorrectly assumes image name

2085459 - smartclone-controller not started and cloned DataVolumes stuck in SnapshotForSmartCloneInProgress

2086114 - HCO is taking more than 12 minutes to reconcile consolequickstart connect-ext-net-to-vm and customize-a-boot-source

2086541 - NMO CSV dependency to CNV is failing

2088476 - [4.10.z] VMSnapshot restore fails to provision volume with size mismatch error

2088622 - 4.10.2 containers

2089637 - CNAO is blocking upgrade to 4.11 despite standalone nmstate operator is installed

2089658 - SSP Reconcile logging improvement when CR resources are changed
