-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift support for Windows Containers 7.1.1 security update
Advisory ID:       RHSA-2023:4777-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4777
Issue date:        2023-08-28
CVE Names:         CVE-2023-3676 CVE-2023-3955 
=====================================================================

1. Summary:

The components for Red Hat OpenShift support for Windows Containers 7.1.1
are now available. This product release includes bug fixes and security
updates for the following packages: windows-machine-config-operator and
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers.

Security Fix(es):

* kubernetes: Insufficient input sanitization on Windows nodes leads to
privilege escalation (CVE-2023-3676)

* kubernetes: Insufficient input sanitization on Windows nodes leads to
privilege escalation (CVE-2023-3955)

For more details about the security issue(s), including the impact, CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2227126 - CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
2227128 - CVE-2023-3955 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

5. References:

https://access.redhat.com/security/cve/CVE-2023-3676
https://access.redhat.com/security/cve/CVE-2023-3955
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-4777:01 Important: Red Hat OpenShift support for Windows

The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available

Summary

Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Security Fix(es):

* kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3676)
* kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3955)

For more details about the security issue(s), including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2023-3676
https://access.redhat.com/security/cve/CVE-2023-3955
https://access.redhat.com/security/updates/classification/#important

Severity
Advisory ID: RHSA-2023:4777-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4777
Issued Date: 2023-08-28
CVE Names: CVE-2023-3676 CVE-2023-3955

Topic

The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


Bugs Fixed

2227126 - CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

2227128 - CVE-2023-3955 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

