-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Advisory ID:       RHSA-2023:2023-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2023
Issue date:        2023-04-26
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304 
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-40186 
                   CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 
                   CVE-2023-23916 
====================================================================
1. Summary:

Updated images that fix several bugs are now available for Red Hat
OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat
Container Registry.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat
OpenShift Data Foundation is a highly scalable, production-grade persistent
storage for stateful applications running in the Red Hat OpenShift
Container Platform. In addition to persistent storage, Red Hat OpenShift
Data Foundation provisions a multicloud data management service with an S3
compatible API.

Security Fix(es):

* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same
Name Assigned To The Same Entity (CVE-2022-40186)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to
these updated images, which provide several bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables
2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv
2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs
2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-40186
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZEkQztzjgjWX9erEAQgqiQ//QNYPbRoFnC155vDFDqfb/Xen4MISMAL3
0ttVhQtlpAFvDpawOGKSU6VpSg5RTdjMebmGdJ33CiP/BQTyU+jA0jwVFlo47mqi
gfMKWhyn36+Y/Jy/n3QAbM3AoZpojuqHHac+nu5PipUVo2qUe8CvqG/yqb/bx/0P
mAMpbC2CWead2YRsWRAyTtwODCp5LV12X9zKQN4lLd04KEsYHBxKM4FnMA/FuY25
j39k/hGLvH7bH45okcnE/36aiGtiwPMnpg8Vilt0kBCGlSZTnhbs1wrJ7rsdoECi
+g2jA62Rfnb4I8/u9L16RZeKagM76nNlkeCPvgW7SyXOcuHiE/uK3e6XkrqxT9I/
v1bjt7w3KVuJKIz48XOsIVnUZ6XpbMdHUQAmTjYOBR59Fpjh3eKlV294XY97FqSk
LWH9PC6A347xrwEPx8A0xtVAYH91Kxn2IL5qHB9NxQpUffZhBHj5er8gowIpGvUN
PyhjibxA38UFhNNVYvgDNFC547V56KlJGwczuTAMVdyVLCPId86Rvo3PqM1gv567
iS14t91UNPWhkPkfibQy+jnI2YJuIKjuDYEIBto3Ys4Zmf8ha2WKx8B+PN7KNe8R
0z6xsMUrj+CHbBkuq1rPE+CW0XbXqsb1vRP2H2ucTByStag163Ll833x//FvOE/l
SN9bgU5rjbk=T/2V
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-2023:01 Important: Red Hat OpenShift Data Foundation

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry

Summary

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity (CVE-2022-40186)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide several bug fixes.



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-10735 https://access.redhat.com/security/cve/CVE-2021-28861 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-40186 https://access.redhat.com/security/cve/CVE-2022-40897 https://access.redhat.com/security/cve/CVE-2022-45061 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification/#important

Package List


Severity
Advisory ID: RHSA-2023:2023-01
Product: RHODF
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2023
Issued Date: : 2023-04-26
CVE Names: CVE-2020-10735 CVE-2021-28861 CVE-2022-4304 CVE-2022-4415 CVE-2022-4450 CVE-2022-40186 CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 CVE-2023-23916

Topic

Updated images that fix several bugs are now available for Red HatOpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red HatContainer Registry.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2171965 - [4.11 clone] Secrets are used in env variables

2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv

2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity

2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs

2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"


Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved