====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]
Advisory ID:       RHSA-2023:4025-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4025
Issue date:        2023-07-18
CVE Names:         CVE-2022-36227 CVE-2023-0361 CVE-2023-25173 
                   CVE-2023-27535 
====================================================================
1. Summary:

The components for Red Hat OpenShift support for Windows Containers 7.1.0
are now available. This product release includes bug fixes and security
updates for the following packages: windows-machine-config-operator and
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers.

Security Fix(es):

* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10417 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
OCPBUGS-10784 - In-tree storage for azure-file and vSphere is disabled
OCPBUGS-10933 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -
OCPBUGS-10935 - Windows pods are unable to resolve DNS records for services
OCPBUGS-11667 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039    4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"
OCPBUGS-11785 - oc adm node-logs failing in vSphere CI
OCPBUGS-13790 - Segmentation Violation found in WMCO .ensureWICDSecretContent
OCPBUGS-14260 - Upgrade from WMCO 7.0.1 to 7.1.0 not working on Windows BYOH nodes: error waiting for proper windowsmachineconfig.openshift.io/version annotation for node
OCPBUGS-14445 - Instance configurations fails on Windows Server 2019 without the container feature
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled
OCPBUGS-7336 - WMCO kubelet version not matching OCP payload's one
OCPBUGS-7843 - containerd version is being misreported
OCPBUGS-8037 - Directory deletion errors are being ignored when deconfiguring Windows instances
OCPBUGS-8056 - WMCO is unable to drain DaemonSet workloads
OCPBUGS-8085 - Hybrid Overlay logfile is in use and cannot be deleted
WINC-1037 - Windows Server 2019 CI coverage
WINC-981 - Red Hat OpenShift support for Windows Containers 7.0.1 Post Release
WINC-983 - [e2e] Ensure required log files are non-empty

6. References:

https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-25173
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#low

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
