====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift support for Windows Containers 7.0.0 [security update]
Advisory ID:       RHSA-2022:9096-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:9096
Issue date:        2023-01-30
CVE Names:         CVE-2021-25749 CVE-2021-46848 CVE-2022-21698 
                   CVE-2022-27191 CVE-2022-35737 
====================================================================
1. Summary:

The components for Red Hat OpenShift support for Windows Container 7.0.0
are now available. This product release includes bug fixes and a moderate
security update for the following packages: windows-machine-config-operator
and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers.

Security Fix(es):

* prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* kubelet: runAsNonRoot logic bypass for Windows containers (CVE-2021-25749)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2107261 - [WMCO] WMCO endpoints missing after WMCO restart in vSphere
2127808 - CVE-2021-25749 kubelet: runAsNonRoot logic bypass for Windows containers

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-3509 - [WINC] Windows nodes name not matching hostname in GCP
OCPBUGS-3573 - Check if Windows defender is running doesnt work
OCPBUGS-4092 - Load balancer shows connectivity outage during Windows nodes upgrade
OCPBUGS-5749 - Installation of WMCO in different namespace fails
OCPBUGS-5803 - Windows nodes do not get drained (deconfigure) during the upgrade process
WINC-713 - Implement WICD bootstrap command
WINC-718 - WICD cleanup command (happy path)
WINC-731 - Run WICD service on Windows instances
WINC-732 - Nodes are bootstrapped with WICD bootstrap command
WINC-737 - Move hybrid-overlay configuration to WICD
WINC-738 - Kubelet service is described in services ConfigMap
WINC-739 - Configure azure node manager through WICD
WINC-740 - Configure kube-proxy through WICD
WINC-815 - GCP support for Windows Server 2022
WINC-830 - Use valid Windows Server 2022 image in platform=none job
WINC-848 - Windows exporter is configured by WICD
WINC-873 - Upgrade to go 1.19
WINC-874 - Pick up openshift/kubernetes 1.25 rebase updates
WINC-888 - WMCO's user data secret in GCP does not include tags
WINC-927 - Stop dependent services before stopping a service in WICD
WINC-941 - Use IMDSv1 to get hostname in AWS
WINC-949 - Rename powershellVariablesInCommand
WINC-957 - Update containerd to 1.6.15

6. References:

https://access.redhat.com/security/cve/CVE-2021-25749
https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/cve/CVE-2022-27191
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
