Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

OpenShift 4.13: RHSA-2023-1329 Moderate Memory Security Update

red hat
Calendar Grey May 18, 2023
Dist Redhat Esm H88
Red Hat Security Notification moderate: OpenShift Container Platform 4.13.0 bug resolution and enhancements for software packages and security.
Red Hat build of MicroShift release 4.13.0 is now available with updates to packages and images that fix several bugs

Solution

For MicroShift 4.13, read the following documentation, which will be updated shortly for this release, for important instructions on how to install the latest RPMs and fully apply this asynchronous errata update:

https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.13/html/release_notes/index

Summary

Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments.
This advisory contains the RPM packages for Red Hat build of MicroShift 4.13.0. Read the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:1326
Security Fix(es):
* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All of the bug fixes may not be documented in this advisory. Read the following release notes documentation for details about these changes:

All Red Hat build of MicroShift 4.13 users are advised to use these updated packages and images when they are available in the RPM repository.

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix memory issue OpenShift container platform

References

https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat OpenShift Container Platform 4.13:
Source: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.src.rpm
aarch64: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm
noarch: microshift-release-info-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm microshift-selinux-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm
x86_64: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Advisory ID: RHSA-2023:1329-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1329
Issue date: 2023-05-18

Topic

Red Hat build of MicroShift release 4.13.0 is now available with updates topackages and images that fix several bugs.This release includes a security update for Red Hat build of MicroShift4.13.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix memory issue OpenShift container platform

Relevant Releases Architectures

Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, x86_64

Bugs Fixed

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-10223 - kubeconfig CA includes all signersOCPBUGS-10242 - CSI driver ends up in crash loop when host does not have default VG name

OCPBUGS-10243 - sysconfwatch-controller logs excessively

OCPBUGS-10251 - Rebase to 4.13 failed with duplicate metrics registration in ovnk

OCPBUGS-10253 - nats.io doesn't work on microshift

OCPBUGS-10254 - The router pod is delayed over 5m after reboot

OCPBUGS-10256 - Some pods not coming up after rebooting

OCPBUGS-10617 - Prompt unexpected err="microshift-etcd failed to start when execute 'microshift-etcd run'

OCPBUGS-10791 - MicroShift pods cannot resolve local host name

OCPBUGS-11295 - e2e: Config v1 client shim for static configuration manifests with read-only operations

OCPBUGS-11412 - build requirements are not available outside of Red Hat

OCPBUGS-11497 - Microshift-etcd doesn't start up with memoryLimitMB set to 50.

OCPBUGS-11593 - RPM build shows errors from missing jq command

OCPBUGS-11660 - sudo /usr/bin/microshift show-config --mode effective doesn't show the correct memoryLimitMB value

OCPBUGS-11811 - dependency on openvswitch is not compatible with RHEL 9.2 versions

OCPBUGS-13023 - Update dependency on selinux-policy to match RHEL 9.2 released package version

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here