Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers.
Security Fix(es):
* golang: An attacker can cause excessive memory growth in a Go server
accepting HTTP/2 requests (CVE-2022-41717)
* containerd: Supplementary groups are not set up properly (CVE-2023-25173)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section
https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/updates/classification/#moderate
The components for Red Hat OpenShift support for Windows Containers 8.0.0are now available. This product release includes bug fixes and a moderatesecurityupdate for the following packages: windows-machine-config-operator andwindows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impactofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVElink(s) in the References section.
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):
OCPBUGS-10416 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
OCPBUGS-10709 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -
OCPBUGS-10930 - Windows pods are unable to resolve DNS records for services
OCPBUGS-11444 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039 4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"
OCPBUGS-11735 - oc adm node-logs failing in vSphere CI
OCPBUGS-1513 - Check if Windows defender is running doesnt work
OCPBUGS-2028 - [WINC] Windows nodes name not matching hostname in GCP
OCPBUGS-3506 - Load balancer shows connectivity outage during Windows nodes upgrade
OCPBUGS-4133 - Load Balance service with externalTrafficPolicy="Cluster" for Windows workloads intermittently unavailable in GCP and Azure
Get the latest Linux and open source security news straight to your inbox.