Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Red Hat OpenShift 8.0.0 RHSA-2023:1372 Moderate: Memory Growth Issue

red hat
Calendar Grey May 10, 2023
Dist Redhat Esm H88
The latest security bulletin from Red Hat outlines a significant improvement for OpenShift on Windows, addressing concerns related to memory expansion and access vulnerabilities.
The components for Red Hat OpenShift support for Windows Containers 8.0.0 are now available

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
* golang: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) * containerd: Supplementary groups are not set up properly (CVE-2023-25173)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section

References

https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/updates/classification/#moderate

Package List


Advisory ID: RHSA-2023:1372-01
Product: Red Hat OpenShift Enterprise
Issue date: 2023-05-10

Topic

The components for Red Hat OpenShift support for Windows Containers 8.0.0are now available. This product release includes bug fixes and a moderatesecurityupdate for the following packages: windows-machine-config-operator andwindows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impactofModerate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVElink(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-10416 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace

OCPBUGS-10709 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -

OCPBUGS-10930 - Windows pods are unable to resolve DNS records for services

OCPBUGS-11444 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039 4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"

OCPBUGS-11735 - oc adm node-logs failing in vSphere CI

OCPBUGS-1513 - Check if Windows defender is running doesnt work

OCPBUGS-2028 - [WINC] Windows nodes name not matching hostname in GCP

OCPBUGS-3506 - Load balancer shows connectivity outage during Windows nodes upgrade

OCPBUGS-4133 - Load Balance service with externalTrafficPolicy="Cluster" for Windows workloads intermittently unavailable in GCP and Azure

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.