Red Hat OpenShift 4.11.0 RHSA-2022:5068 Moderate: Security Fixes
red hat
August 10, 2022
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements
Solution
For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes
Details on how to access this content are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/updating_clusters/updating-cluster-cli
Summary
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* ignition: configs are accessible from unprivileged containers in VMs
running on VMware products (CVE-2022-1706)
* prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled
overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect
access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field
elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)
* runc: incorrect handling of inheritable capabilities (CVE-2022-29162)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2022-1706 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29162 https://access.redhat.com/security/updates/classification#moderate
Package List
Red Hat OpenShift Container Platform 4.11:
Source:
atomic-openshift-service-idler-4.11.0-202206222028.p0.g39cfc66.assembly.stream.el8.src.rpm
buildah-1.23.4-2.el8.src.rpm
butane-0.15.0-1.rhaos4.11.el8.src.rpm
conmon-2.1.2-2.rhaos4.11.el8.src.rpm
console-login-helper-messages-0.20.3-2.rhaos4.11.el8.src.rpm
container-selinux-2.188.0-1.rhaos4.11.el8.src.rpm
containernetworking-plugins-1.0.1-5.rhaos4.11.el8.src.rpm
containers-common-1-21.rhaos4.11.el8.src.rpm
coreos-installer-0.15.0-2.rhaos4.11.el8.src.rpm
cri-o-1.24.1-11.rhaos4.11.gitb0d2ef3.el8.src.rpm
cri-tools-1.24.2-4.1.el8.src.rpm
criu-3.15-4.rhaos4.11.el8.src.rpm
crun-1.4.2-1.rhaos4.11.el8.src.rpm
fuse-overlayfs-1.9-1.rhaos4.11.el8.src.rpm
haproxy-2.2.24-1.el8.src.rpm
ignition-2.14.0-3.rhaos4.11.el8.src.rpm
kata-containers-2.4.2-1.el8.src.rpm
libslirp-4.4.0-2.rhaos4.11.el8.src.rpm
openshift-4.11.0-202207082037.p0.g9546431.assembly.stream.el8.src.rpm
openshift-ansible-4.11.0-202206240216.p0.g9de1722.assembly.stream.el8.src.rpm
openshift-clients-4.11.0-202207291716.p0.g7075089.assembly.stream.el8.src.rpm
openshift-kuryr-4.11.0-202206232036.p0.g66c0cec.assembly.stream.el8.src.rpm
openvswitch2.17-2.17.0-22.el8fdp.src.rpm
ovn22.03-22.03.0-37.el8fdp.src.rpm
ovn22.06-22.06.0-27.el8fdp.src.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2022:5068-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5068
Issue date: 2022-08-10
Topic
Red Hat OpenShift Container Platform release 4.11.0 is now available withupdates to packages and images that fix several bugs and add enhancements.This release includes a security update for Red Hat OpenShift ContainerPlatform 4.11.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Ironic content for Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2082274 - CVE-2022-1706 ignition: configs are accessible from unprivileged containers in VMs running on VMware products
2086398 - CVE-2022-29162 runc: incorrect handling of inheritable capabilities
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!