
Red Hat OpenShift 4.13 RHSA-2023:2138-01 Moderate Threat: Auth Issues

Red Hat, May 18, 2023
Red Hat issues a noteworthy security bulletin for OpenShift Container Platform 4.13.0, focusing on two significant vulnerabilities.
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:1326
All OpenShift Container Platform users are advised to upgrade to these updated packages and images.
Security Fix(es):
* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)
* vault: incorrect policy enforcement (CVE-2021-43998)

References

https://access.redhat.com/security/cve/CVE-2020-16251
https://access.redhat.com/security/cve/CVE-2021-43998
https://access.redhat.com/security/updates/classification/#moderate

Package List



Advisory ID: RHSA-2023:2138-01
Product: Red Hat OpenShift Enterprise
Issue date: 2023-05-18

Topic

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2028193 - CVE-2021-43998 vault: incorrect policy enforcement

2167340 - CVE-2020-16251 vault: GCP Auth Method Allows Authentication Bypass

JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-10819 - TALM SNO Backup Fails on Managed Cluster Running CoreOS 9.2

OCPBUGS-11890 - TALM keeps spinning with the hub template error when unsupported hub template function is being used in the second policy

OCPBUGS-2336 - dataset_comparison should be G.8275.x in ptpconfig source crs

OCPBUGS-3005 - step_threshold should be changed from 0.0 to 2.0 in ptpconfig source crs

OCPBUGS-3047 - TALM spent 42 minutes precaching when there was no precaching work to be done.

OCPBUGS-3092 - TALM precaching pulls more content than needed

OCPBUGS-3210 - TALM attempting to approve PAO installplan for 4.11 operator upgrade

OCPBUGS-3885 - After CGU timed out it got stuck in a loop and kept adding duplicates to status field

OCPBUGS-3954 - Precaching status missing for temporarily unavailable clusters

OCPBUGS-4197 - CGU pod goes to CrashLoopBackOff when incorrect channel is provided for OCP precaching

OCPBUGS-4200 - Segfault from TALM after CGU timeout

OCPBUGS-4246 - Precaching spec error due to invalid policy combination reported as precaching/backup failures on spokes

OCPBUGS-4329 - Cannot install LVMO through gitops ZTP

OCPBUGS-4406 - ptp configs should match reference configs
