-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update
Advisory ID:       RHSA-2022:7058-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7058
Issue date:        2022-10-19
CVE Names:         CVE-2015-20107 CVE-2022-0391 CVE-2022-1292 
                   CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 
                   CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 
                   CVE-2022-2832 CVE-2022-24675 CVE-2022-29154 
                   CVE-2022-30632 CVE-2022-32206 CVE-2022-32208 
                   CVE-2022-34903 CVE-2022-40674 
====================================================================
1. Summary:

OpenShift sandboxed containers 1.3.1 is now available.

2. Description:

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with 
security fixes and a bug fix.

Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:


3. Solution:

Before applying this update, ensure all previously released errata relevant
to your system have been applied.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

4. Bugs fixed (https://bugzilla.redhat.com/):

2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor

5. JIRA issues fixed (https://issues.redhat.com/):

KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]
KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]
KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator
KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]

6. References:

https://access.redhat.com/security/cve/CVE-2015-20107
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-1785
https://access.redhat.com/security/cve/CVE-2022-1897
https://access.redhat.com/security/cve/CVE-2022-1927
https://access.redhat.com/security/cve/CVE-2022-2068
https://access.redhat.com/security/cve/CVE-2022-2097
https://access.redhat.com/security/cve/CVE-2022-2832
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-29154
https://access.redhat.com/security/cve/CVE-2022-30632
https://access.redhat.com/security/cve/CVE-2022-32206
https://access.redhat.com/security/cve/CVE-2022-32208
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY1C5WdzjgjWX9erEAQgJMw//UotXcQCJjQq9U/dMEE92E+gMGXIkLA0E
r7WbJOwUYeokObhxD9T5Xq3/bXxRc1o/IGXIiL+0pxQSoG/JtjtI+DB9yUDxMdBU
cNIu+H/o5aN0CPgIuYppi/UT1e3GUwkhMK310Ic8MFP/FKBzEu3sJmbLf3n1FRVp
mpd+J08ksUo8NVKwqglyHgRyoDGOkzNd3jqo0q8PU07NmVWNcmQMmwE85/nEm4Cq
PENRUyIKBQB7IhVdBhEy0RGCKqihnre4bwIoi3DULUfthnkuUEciBkTCNdEeRBmZ
5wda1tj1vjbaLByeaEPla6+e48JcudmbL8G/ppacKUnVBD6p4qtW9LzdnOxRlrI2
/MYM4kV3Z4gDTBZPEKVdgdMTDcHpjVB0d6IM+9yMSCjKMj3ihjeV/FYIxeo8WC0E
Gdie+Kvd+1R/dRUdMh/FlUuk3dZjH6Xz3b7fkuIW1IVqC3xwawaT0MrmTBzqcyqu
PYcIZmKUwglMn/fKOBlE4ynzirGX+tvVkP7Tu8nVm94YnWpZw4eDTY6E4WQqS3a5
tgiKgqgey5cK6fLg8yQyPdSJfGzwAMiylCLVwSH8CMXBLvVxbRolBPDkz49ArxET
36Pt3w7vkKUCPtSvk/1p36KZ/yHviYt4E2etRtwcGLvzGIqtu6vaq9NAWS+kcMbx
dW4UeWt2Fow=N7WL
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2022-7058:01 Moderate: OpenShift sandboxed containers 1.3.1

OpenShift sandboxed containers 1.3.1 is now available

Summary

OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime.
This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix.
Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:



Summary


Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details on how to apply this update, which includes the changes described in this advisory, refer to:

References

https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2832 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/updates/classification/#moderate

Package List


Severity
Advisory ID: RHSA-2022:7058-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7058
Issued Date: : 2022-10-19
CVE Names: CVE-2015-20107 CVE-2022-0391 CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-2832 CVE-2022-24675 CVE-2022-29154 CVE-2022-30632 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-40674

Topic

OpenShift sandboxed containers 1.3.1 is now available.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode

2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor

5. JIRA issues fixed (https://issues.redhat.com/):

KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]

KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]

KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator

KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]


Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved