Red Hat OpenStack 16.2: RHSA-2022-5673 Important Security Update

Red Hat
July 20, 2022
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.

Solution

OSP 16.2 Release - OSP Director Operator Containers tech preview

Summary

Release osp-director-operator images
Security Fix(es):
* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
* go-getter: command injection vulnerability [Important] (CVE-2022-26945)
* golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
* containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)

References

https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2021-40528
https://access.redhat.com/security/cve/CVE-2021-41103
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1621
https://access.redhat.com/security/cve/CVE-2022-1629
https://access.redhat.com/security/cve/CVE-2022-22576
https://access.redhat.com/security/cve/CVE-2022-25313
https://access.redhat.com/security/cve/CVE-2022-25314
https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-27774
https://access.redhat.com/security/cve/CVE-2022-27776
https://access.redhat.com/security/cve/CVE-2022-27782
https://access.redhat.com/security/cve/CVE-2022-29824
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/errata/RHSA-2022:4991
https://access.redhat.com/containers

Severity
important

Advisory ID: RHSA-2022:5673-01
Product: Red Hat OpenStack Platform
Issue date: 2022-07-20

Topic

Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.

Bugs Fixed

2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories

2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic

2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)

2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)

2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)

2092928 - CVE-2022-26945 go-getter: command injection vulnerability
