
OpenShift 4.11.0 Moderate: RHSA-2022-5070 Denial of Service Issues

Red Hat, August 10, 2022
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Solution

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes

Details on how to access this content are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/updating_clusters/updating-cluster-cli

Summary

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:5068
Security Fix(es):
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/updating_clusters/updating-cluster-cli
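The advisory tells administrators to confirm their release and check the channel for updates with the `oc` CLI. The following script is an added example, not part of the Red Hat advisory: it compares a cluster's version against the fixed release 4.11.0 with a numeric field-by-field comparison (so 4.9.x is correctly treated as older than 4.11.x), and reads the live version from `oc get clusterversion` when `oc` is installed and logged in; otherwise it falls back to a constructed sample version.

```shell
#!/bin/sh
# Added example (not part of the Red Hat advisory): report whether an OpenShift
# cluster is still below the fixed release, 4.11.0, named in RHSA-2022:5070.
# Assumes 'oc' is installed and logged in for the live check; without it the
# constructed sample version below is compared instead.

FIXED_VERSION="4.11.0"

# pad_version X.Y[.Z]: normalise to three dot-separated numeric fields.
pad_version() {
    v=${1%%[-+]*}                     # drop pre-release/build suffix (e.g. -rc.1)
    case $v in
        *.*.*) printf '%s\n' "$v" ;;
        *.*)   printf '%s.0\n' "$v" ;;
        *)     printf '%s.0.0\n' "$v" ;;
    esac
}

# version_lt A B: succeed (exit 0) when A is older than B. Fields are compared
# numerically, so 4.9.x sorts below 4.11.x; a plain string comparison gets that wrong.
version_lt() {
    a=$(pad_version "$1"); b=$(pad_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1                          # equal: not older
}

# needs_advisory VERSION: print a verdict and succeed when an upgrade is needed.
needs_advisory() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "cluster $1 predates $FIXED_VERSION: apply RHSA-2022:5070"
        return 0
    fi
    echo "cluster $1 already at or beyond $FIXED_VERSION"
    return 1
}

# Live check: .status.desired.version is the release the cluster is on (or is
# moving to); 'oc adm upgrade' then lists what the release channel offers.
check_cluster() {
    if command -v oc >/dev/null 2>&1; then
        current=$(oc get clusterversion version -o jsonpath='{.status.desired.version}')
        needs_advisory "$current" && oc adm upgrade
    else
        needs_advisory "4.10.22"      # constructed sample, used when oc is absent
    fi
}
```

Run `check_cluster` from a logged-in shell; the verdict line goes to stdout and a non-zero exit means the cluster is already at or beyond 4.11.0.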

References

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-18874
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-28493
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2021-20095
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-25219

Package List


Advisory ID: RHSA-2022:5070-01
Product: Red Hat OpenShift Enterprise
Issue date: 2022-08-10

Topic

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint

2042652 - Unable to deploy hw-event-proxy operator

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

2047308 - Remove metrics and events for master port offsets

2055049 - No pre-caching for NFD images

2055436 - nfd-master tracking the wrong api group

2055439 - nfd-master tracking the wrong api group (operand)

2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules

2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag

2062849 - hw event proxy is not binding on ipv6 local address

2066860 - Wrong spec in NFD documentation under `operand`

2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp

2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp

2067312 - PPT event source is lost when received by the consumer

2077243 - NFD os release label lost after upgrade to ocp 4.10.6

2087511 - NFD SkipRange is wrong causing OLM install problems

2089962 - Node feature Discovery operator installation failed.

2090774 - Add Readme to plugin directory

2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3

2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
