RedHat: RHSA-2022-5673:01 Important: Release of containers for OSP 16.2.z
Summary
Release osp-director-operator images
Security Fix(es):
* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
* go-getter: command injection vulnerability [Important] (CVE-2022-26945)
* golang.org/x/crypto: empty plaintext packet causes panic [Moderate]
(CVE-2021-43565)
* containerd: insufficiently restricted permissions on container root and
plugin directories [Moderate] (CVE-2021-41103)
Summary
Solution
OSP 16.2 Release - OSP Director Operator Containers tech preview
References
https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-41103 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-26945 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30321 https://access.redhat.com/security/cve/CVE-2022-30322 https://access.redhat.com/security/cve/CVE-2022-30323 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/errata/RHSA-2022:4991 https://access.redhat.com/containers
Package List
Topic
Red Hat OpenStack Platform 16.2 (Train) director operator containers, withseveral Important security fixes, are available for technology preview.
Topic
Relevant Releases Architectures
Bugs Fixed
2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability