Red Hat OpenShift 4.11.6 Moderate: RHSA-2023:5103-01 Security Fix
Sep 12, 2023
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Red Hat OpenShift Virtualization release 4.11.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Virtualization 4.11.6 security and bug fix update
Advisory ID: RHSA-2023:5103-01
Product: OpenShift Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5103
Issue date: 2023-09-12
CVE Names: CVE-2016-3709 CVE-2022-4304 CVE-2022-4450
CVE-2023-0215 CVE-2023-0286 CVE-2023-0361
CVE-2023-2828 CVE-2023-3089 CVE-2023-3899
CVE-2023-38408
=====================================================================
1. Summary:
Red Hat OpenShift Virtualization release 4.11.6 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section
2. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.11.6 images.
Security Fix(es):
* openshift: OCP & FIPS mode (CVE-2023-3089)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Requested TSC frequency outside tolerance range & TSC scaling not
supported (BZ#2151169)
* User cannot get resource "virtualmachineinstances/portforward" in API
group "subresources.kubevirt.io" (BZ#2160673)
* 4.11.4 containers (BZ#2173835)
* VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193)
3. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2151169 - Requested TSC frequency outside tolerance range & TSC scaling not supported
2160673 - User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io"
2173835 - 4.11.4 containers
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2218193 - VMI with x86_Icelake fail when mpx feature is missing
5. References:
https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-2828
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001
6. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJlAINpAAoJENzjgjWX9erEdG4P/jO759CVAR4s+eVcATfiu6r+
VPBs/U/dKc0aau2J2m5m4MXxUDl5xwBU/2MlrjMkO2m/nwLo8nziwZKW2m4ZsY+f
i9f3H66M71u4eoPzfqLQ9imjyWAwYwYuHNumWQyzeWjStWaR7p3/NBo9vHaE63To
ZFBmOZxRx9wsAfzhjSQbteWH7BNwqlqqjjZlCWf13BETlj2SF+6ow1soxVdSLY0M
Dn4nKvohgA5neX3KBd51+f66R1HFKZshgUSH7/YlDC3FTRScFOPnbyrssUpGZpKg
Ldf0vr27YVQIpfZRVIjwPgXK3oQ8hs+XYQgxP8T7CLAZ9bHDvqrb2y/O19XfqRW4
15/hsjuLUwmIQNpYdxu9s3lbPdNSxpH7g47OTF27JmHVSEe8mBlBOxEL7W3AvC5l
v/0ovn8mlAJYfLWFOFU38Jy5FyDvR3GsEUo+xgWGJlSHGRx33nc/AMG+1MWHnxyV
yAWfTkw3/QmfqK459kIKMnJuxB9SnFgf4tLpEkuwpQrgyiAfc//3PWQ0vJP9bXsu
lxeV2fd8WZ9yEXPwkVN67sr/QOQYy2pdz+yxVDYHnIEfttiRgMutzKoMMGFIJmAW
81bG9c3hkArSvNraqZZbMUhfTbF8OfjHeroBQp+XcqSipk+mmoZKgFr8yhPzE1Rp
60MIgjdOBksum7fyI6a/
=7uko
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
Red Hat OpenShift 4.11.6 Moderate: RHSA-2023:5103-01 Security Fix
red hat
September 12, 2023
Red Hat OpenShift Virtualization release 4.11.6 is now available with updates to packages and images that fix several bugs and add enhancements
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
OpenShift Virtualization is Red Hat's virtualization solution designed for
Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.11.6 images.
Security Fix(es):
* openshift: OCP & FIPS mode (CVE-2023-3089)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Requested TSC frequency outside tolerance range & TSC scaling not
supported (BZ#2151169)
* User cannot get resource "virtualmachineinstances/portforward" in API
group "subresources.kubevirt.io" (BZ#2160673)
* 4.11.4 containers (BZ#2173835)
* VMI with x86_Icelake fail when mpx feature is missing (BZ#2218193)
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-2828 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-3899 https://access.redhat.com/security/cve/CVE-2023-38408 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2023-001
Package List
Advisory ID: RHSA-2023:5103-01
Product: OpenShift Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5103
Issue date: 2023-09-12
Topic
Red Hat OpenShift Virtualization release 4.11.6 is now available withupdates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section
Topics Covered
Relevant Releases Architectures
Warning: Undefined array key "relevant_releases_architectures" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3366731_3e4bf4acb8c07dfea38b8147414a3c74 on line 11
Warning: Undefined array key "relevant_releases_architectures" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3366731_3e4bf4acb8c07dfea38b8147414a3c74 on line 16
Bugs Fixed
2151169 - Requested TSC frequency outside tolerance range & TSC scaling not supported
2160673 - User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io"
2173835 - 4.11.4 containers
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2218193 - VMI with x86_Icelake fail when mpx feature is missing
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!