====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.19 bug fix and security update
Advisory ID:       RHSA-2023:3287-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3287
Issue date:        2023-05-31
CVE Names:         CVE-2018-17419 CVE-2022-25147 CVE-2023-25652
                   CVE-2023-25815 CVE-2023-29007
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.19 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.12.19. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2023:3286

Security Fix(es):

* dns: Denial of Service (DoS) (CVE-2018-17419)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/updating_clusters/updating-cluster-cli

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests
may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:41fd42cc8b9f86fc86cc8763dcf27e976299ff632a336d393b8e643bd8a5f967

(For s390x architecture)
The image digest is sha256:13666e036043e0d2283890259861a8b8132e6afc818973a2f8bab28d9947cd94

(For ppc64le architecture)
The image digest is sha256:00b61dd3ae8d8da28eb7a5385eb1c7f200efa73023e44b1c220a7d041ca1bad1

(For aarch64 architecture)
The image digest is sha256:3d73e42724be8f53f8511df17ef900225305226d37397ffde3385cbc6c55a132

4. Bugs fixed (https://bugzilla.redhat.com/):

2188523 - CVE-2018-17419 dns: Denial of Service (DoS)

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10275 - [4.12] Lazily unmount /proc/cmdline
OCPBUGS-12787 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
OCPBUGS-13530 - Root device hints should accept by-path device alias
OCPBUGS-13599 - OSD clusters' Ingress health checks & routes fail after swapping application router between public and private
OCPBUGS-13719 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
OCPBUGS-13739 - Failed to create STS resources on AWS GovCloud regions using ccoctl
OCPBUGS-13743 - [4.12] container_network* metrics fail to report
OCPBUGS-13750 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository
OCPBUGS-13757 - The MCD has a non-functional pivot command that should be deprecated
OCPBUGS-13760 - Yum Config Manager Not Found
OCPBUGS-13821 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.12)
OCPBUGS-6848 - Service name search ability while creating the Route from console
OCPBUGS-7439 - Egress service does not handle invalid nodeSelectors correctly
OCPBUGS-7619 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
OCPBUGS-7924 - Developer - Topology : 'Filter by resource' drop-down i18n misses

6. References:

https://access.redhat.com/security/cve/CVE-2018-17419
https://access.redhat.com/security/cve/CVE-2022-25147
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.31 bug fix and security update
Advisory ID:       RHSA-2023:1158-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1158
Issue date:        2023-03-14
CVE Names:         CVE-2022-21698 CVE-2022-23521 CVE-2022-41903
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.31 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.11.31. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2023:1157

Space precludes documenting all of the container images in this advisory.

See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes

Security Fix(es):

* prometheus/client_golang: Denial of service using InstrumentHandlerCounter
(CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/updating_clusters/updating-cluster-cli

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests
may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:5fbe52f0f89d72e4d28b2a40dc69174fe10cce0a99dc5caa6fcfbf4226e08919

(For s390x architecture)
The image digest is sha256:5bf0f916f8a2c22d33f1da578274c201217e1e978a99730f4416fe528d3804c0

(For ppc64le architecture)
The image digest is sha256:cc10900ad98b44ba432bc0d99e7d4fffb5498fd6844fc3b6a0a3552ee6d64059

(For aarch64 architecture)
The image digest is sha256:f91f7f747915f6e9dcc3c7dcaf1b8ef26d06c314c279f0fd6e65930d93598e62

4. Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-2584 - python3-kubernetes is missing a dependency on python3-oauthlib and python3-requests-oauthlib
OCPBUGS-5954 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not [backport 4.11]
OCPBUGS-621 - [IBM Z]: Openshift-marketplace pods are in CrashLoopBackOff state
OCPBUGS-6993 - Hosted ovnkubernetes pods are not being spread among workers evenly
OCPBUGS-7727 - [4.11] Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]
OCPBUGS-7735 - [4.11] Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2
OCPBUGS-7950 - Repositories list does not show the running pipelinerun as last pipelinerun
OCPBUGS-7987 - Azure Disk volume is taking time to attach/detach
6. References:

https://access.redhat.com/security/cve/CVE-2022-21698
https://access.redhat.com/security/cve/CVE-2022-23521
https://access.redhat.com/security/cve/CVE-2022-41903
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.8.51 packages and security update
Advisory ID:       RHSA-2022:6801-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6801
Issue date:        2022-10-13
CVE Names:         CVE-2022-26945 CVE-2022-30321 CVE-2022-30322
                   CVE-2022-30323
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.8.51 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.8.51. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2022:6800

Space precludes documenting all of the container images in this advisory.

See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

Security Fix(es):

* go-getter: command injection vulnerability (CVE-2022-26945)
* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-x86_64

The image digest is sha256:ade848f9796f3938f8bd540ff5d94ef2791982b4f8c93929758efa0693c7a2db

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-s390x

The image digest is sha256:acea62267cf0598be3a4fbf42f143d99afea181f6f27be5f892e4cfd88a110fc

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-ppc64le

The image digest is sha256:5bbff649e25932816bdbc95e72e0b22e83c16c29f87809bea9d54b0b8886d363

All OpenShift Container Platform 4.8 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/updating_clusters/updating-cluster-cli

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

Details on how to access this content are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/updating_clusters/updating-cluster-cli

4. Bugs fixed (https://bugzilla.redhat.com/):

2091495 - Unable to create br-ex as gateway is not found
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-1098 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
OCPBUGS-1230 - [4.8] etcd should not rollout new revision when etcd Cluster is unhealthy/degraded
OCPBUGS-1314 - Users can't silence alerts from the dev console
OCPBUGS-1455 - Detect unsupported amount of workloads before rendering a lazy or crashing topology
OCPBUGS-1461 - Kubelet slowly leaking memory and pods eventually unable to start
OCPBUGS-1519 - [OCP 4.8] Fix generate script in CBO
OCPBUGS-895 - Machine Controller stuck with Terminated Instances while Provisioning on AWS

6. References:

https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.7.29 bug fix and security update
Advisory ID:       RHSA-2021:3303-04
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3303
Issue date:        2021-09-08
CVE Names:         CVE-2021-3121
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.7.29 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.29. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHBA-2021:3304

Space precludes documenting all of the container images in this advisory.

See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/release_notes/ocp-4-7-release-notes

Security Fix(es):

* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.29-x86_64

The image digest is sha256:b10034bedb4bf08a393462caf4c3fac8f9e4646d3b49d05915850dce0145cf15

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.29-s390x

The image digest is sha256:19794cea3ec0e319223b38926e9a5356f0daa1594238ea620d83f6689777b11f

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.29-ppc64le

The image digest is sha256:38484e753414060210bddef0e0d771ac5fe89f50272c9a959547195ac1615c05

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available at
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.7/html/release_notes/ocp-4-7-release-notes

Details on how to access this content are available at
- -cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1960103 - SR-IOV obliviously reboot the node
1967359 - [ocp_4][4.7][apiserver-auth] OAuth API servers are not ready -PreconditionNotReady
1972430 - Adopt failure can trigger deprovisioning
1976242 - [4.7.z backport] Upgrade from Openshift 4.5 -> 4.6 Results in Orphaned Address sets
1994601 - OLM dependencies not fixing version
1995199 - After unexpected power outage some nodes could not start anything via crio
1995579 - linuxptp-daemon crash on 4.8
1995910 - Backport ovnkube-trace requires iproute to be installed in the pod to 4.7.z
1996698 - Placeholder bug for OCP 4.7.0 metadata release
1996846 - Apiserver liveness probe is marking it as unhealthy during normal shutdown
1997104 - [OVN] EgressIP no longer worked after a cluster upgrade
1998996 - Placeholder bug for OCP 4.7.0 rpm release
1998997 - Placeholder bug for OCP 4.7.0 extras release
1998998 - Placeholder bug for OCP 4.7.0 metadata release

5. References:

https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
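The per-architecture digest blocks in the 4.8.51 and 4.7.29 advisories above are there to be compared against what `oc adm release info` reports before a cluster is moved to that release image. The following is an added example, not Red Hat tooling and not text from any advisory: a POSIX sh script that parses such a digest block (embedded here as a constructed sample copied from the RHSA-2022:6801 text) and compares it with an observed digest or `@sha256:` pullspec, which in practice you would take from the `oc adm release info` output and pass in as the second argument.

```shell
#!/bin/sh
# Added example: verify that the release image digest a cluster is about to
# pull matches the digest the advisory lists for that architecture.
# The observed digest is passed in as an argument so the script runs
# offline; normally it comes from:
#   oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-x86_64

# Constructed sample: the digest block of RHSA-2022:6801 (OCP 4.8.51),
# copied from the advisory text above.
ADVISORY_TEXT='(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-x86_64
The image digest is sha256:ade848f9796f3938f8bd540ff5d94ef2791982b4f8c93929758efa0693c7a2db
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-s390x
The image digest is sha256:acea62267cf0598be3a4fbf42f143d99afea181f6f27be5f892e4cfd88a110fc
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.51-ppc64le
The image digest is sha256:5bbff649e25932816bdbc95e72e0b22e83c16c29f87809bea9d54b0b8886d363'

# advisory_digest ARCH
# Print the "sha256:<64 hex>" value the advisory lists for ARCH.
# Returns 1 (and prints nothing) when ARCH has no entry, so a cluster on an
# architecture the advisory does not cover is not silently waved through.
advisory_digest() {
    printf '%s\n' "$ADVISORY_TEXT" | awk -v arch="$1" '
        # "(For x86_64 architecture)" -> remember the architecture in scope
        /^\(For .* architecture\)$/ { cur = $2 }
        # only accept a full-length digest under the requested architecture
        /^The image digest is sha256:[0-9a-f]+$/ && cur == arch && length($5) == 71 {
            print $5; found = 1
        }
        END { if (!found) exit 1 }'
}

# normalize_digest REF
# Accept either a bare "sha256:<hex>" or a digest pullspec
# "registry/repo@sha256:<hex>" and print just "sha256:<hex>".
# Anything else (a tag, free text) returns 1.
normalize_digest() {
    case $1 in
        *@sha256:*) printf '%s\n' "${1##*@}" ;;
        sha256:*)   printf '%s\n' "$1" ;;
        *)          return 1 ;;
    esac
}

# verify_release_digest ARCH OBSERVED
# 0: OBSERVED equals the advisory digest for ARCH
# 1: OBSERVED is a digest but does not match (do not proceed)
# 2: ARCH is not in the advisory or OBSERVED is not a digest at all
verify_release_digest() {
    arch=$1
    expected=$(advisory_digest "$arch") || return 2
    observed=$(normalize_digest "$2") || return 2
    if [ "$observed" = "$expected" ]; then
        echo "OK: $arch release image digest matches the advisory"
        return 0
    fi
    echo "MISMATCH: $arch advisory lists $expected, observed $observed" >&2
    return 1
}

# Demonstration: a pullspec pinned to the x86_64 digest passes; the s390x
# digest offered for an x86_64 cluster is rejected.
verify_release_digest x86_64 \
    quay.io/openshift-release-dev/ocp-release@sha256:ade848f9796f3938f8bd540ff5d94ef2791982b4f8c93929758efa0693c7a2db
verify_release_digest x86_64 \
    sha256:acea62267cf0598be3a4fbf42f143d99afea181f6f27be5f892e4cfd88a110fc || true
```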
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.3.5 security update
Advisory ID:       RHSA-2020:0681-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0681
Issue date:        2020-03-10
CVE Names:         CVE-2019-16865 CVE-2019-19346 CVE-2019-19348
                   CVE-2020-1707 CVE-2020-1708 CVE-2020-5312
====================================================================

1. Summary:

An update for openshift-enterprise-apb-base-container,
openshift-enterprise-mariadb-apb, openshift-enterprise-mysql-apb, and
openshift-enterprise-postgresql-apb is now available for Red Hat OpenShift
Container Platform 4.3.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* openshift/mariadb-apb: /etc/passwd was given incorrect privileges
(CVE-2019-19346)

* openshift/apb-base: /etc/passwd was given incorrect privileges
(CVE-2019-19348)

* openshift/postgresql-apb: /etc/passwd was given incorrect privileges
(CVE-2020-1707)

* openshift/mysql-apb: /etc/passwd was given incorrect privileges
(CVE-2020-1708)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.3 see the following documentation, which
will be updated shortly for release 4.3.5, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.3/html/release_notes/ocp-4-3-release-notes

4. Bugs fixed (https://bugzilla.redhat.com/):

1793286 - CVE-2019-19348 openshift/apb-base: /etc/passwd is given incorrect privileges
1793289 - CVE-2019-19346 openshift/mariadb-apb: /etc/passwd is given incorrect privileges
1793299 - CVE-2020-1708 openshift/mysql-apb: /etc/passwd is given incorrect privileges
1793301 - CVE-2020-1707 openshift/postgresql-apb: /etc/passwd is given incorrect privileges

5. References:

https://access.redhat.com/security/cve/CVE-2019-16865
https://access.redhat.com/security/cve/CVE-2019-19346
https://access.redhat.com/security/cve/CVE-2019-19348
https://access.redhat.com/security/cve/CVE-2020-1707
https://access.redhat.com/security/cve/CVE-2020-1708
https://access.redhat.com/security/cve/CVE-2020-5312
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and add one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Enterprise 2.1.9 security, bug fix, and enhancement update Advisory ID: RHSA-2014:1906-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2014:1906.html Issue date: 2014-11-25 CVE Names: CVE-2014-3602 CVE-2014-3674 ==================================================================== 1. Summary: Red Hat OpenShift Enterprise release 2.1.9, which fixes two security issues, several bugs, and add one enhancement, is now available. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHOSE Infrastructure 2.1 - noarch RHOSE JBoss EAP add-on 2.1 - noarch RHOSE Node 2.1 - noarch 3. Description: OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. It was found that OpenShift Enterprise 2.1 did not properly restrict access to services running on different gears. This could allow an attacker to access unprotected network resources running in another user's gear. In a previous update, OpenShift Enterprise 2.2 introduced the oo-gear-firewall command, which creates firewall rules and SELinux policy to contain services running on gears to their own internal gear IPs. 
The command is invoked by default during newinstallations of OpenShift Enterprise 2.2 to prevent this security issue. This update backports the command to OpenShift Enterprise 2.1.; administrators should run the following command on node hosts in existing OpenShift Enterprise 2.1 deployments after applying this update to address this security issue: # oo-gear-firewall -i enable -s enable Please see the man page of the oo-gear-firewall command for more details. (CVE-2014-3674) It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further targeted attacks. Note that for local listeners, OpenShift Enterprise restricts connections to within the gear by default, so even with the knowledge of the local port and IP, the attacker is unable to connect. The SELinux policy on node hosts has been updated to prevent this gear information from being accessed by local users. Due to the closing of this access, JBoss-based cartridges that relied on it previously must be upgraded according to the standard procedure. This is a compatible cartridge upgrade and therefore does not require a restart. (CVE-2014-3602) Space precludes documenting all of the bug fixes and enhancements in this advisory. See the OpenShift Enterprise Technical Notes linked to in the References section, which will be updated shortly for release 2.1.9, for details about these changes. All OpenShift Enterprise users are advised to upgrade to these updated packages. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 
See the OpenShift Enterprise 2.1 Release Notes linked to in the References section, which will be updated shortly for release 2.1.9, for important instructions on how to fully apply this asynchronous errata update.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1131680 - CVE-2014-3602 OpenShift: /proc/net/tcp information disclosure
1143991 - [2.1 backport] Expose haproxy-sni-proxy mapped ports as environmental variables
1148170 - CVE-2014-3674 OpenShift Enterprise: gears fail to properly isolate network traffic
1149837 - [2.1 backport] oo-accept-systems: improve cartridge integrity checks
1153319 - [2.1 backport] Disable SSLv3 to mitigate POODLE CVE-2014-3566
1155794 - [2.1 backport] Race condition in `oo-httpd-singular graceful` when using apache-vhost
1163502 - Remove explicit dependency on RHEL 6.6's subscription-manager package

6. Package List:

RHOSE Infrastructure 2.1:

Source:
openshift-enterprise-upgrade-2.1.9-1.el6op.src.rpm
openshift-origin-broker-1.16.1.14-1.el6op.src.rpm
openshift-origin-broker-util-1.23.8.14-1.el6op.src.rpm
rubygem-openshift-origin-controller-1.23.10.15-1.el6op.src.rpm
rubygem-openshift-origin-msg-broker-mcollective-1.23.3.6-1.el6op.src.rpm

noarch:
openshift-enterprise-release-2.1.9-1.el6op.noarch.rpm
openshift-enterprise-upgrade-broker-2.1.9-1.el6op.noarch.rpm
openshift-enterprise-yum-validator-2.1.9-1.el6op.noarch.rpm
openshift-origin-broker-1.16.1.14-1.el6op.noarch.rpm
openshift-origin-broker-util-1.23.8.14-1.el6op.noarch.rpm
rubygem-openshift-origin-controller-1.23.10.15-1.el6op.noarch.rpm
rubygem-openshift-origin-msg-broker-mcollective-1.23.3.6-1.el6op.noarch.rpm

RHOSE JBoss EAP add-on 2.1:

Source:
openshift-origin-cartridge-jbosseap-2.16.3.7-1.el6op.src.rpm

noarch:
openshift-origin-cartridge-jbosseap-2.16.3.7-1.el6op.noarch.rpm

RHOSE Node 2.1:

Source:
openshift-enterprise-upgrade-2.1.9-1.el6op.src.rpm
openshift-origin-cartridge-jbossews-1.22.3.7-1.el6op.src.rpm
openshift-origin-msg-node-mcollective-1.22.2.3-1.el6op.src.rpm
openshift-origin-node-util-1.22.20.5-1.el6op.src.rpm
rubygem-openshift-origin-frontend-apache-mod-rewrite-0.5.2.2-1.el6op.src.rpm
rubygem-openshift-origin-frontend-apache-vhost-0.5.2.6-1.el6op.src.rpm
rubygem-openshift-origin-frontend-apachedb-0.4.1.2-1.el6op.src.rpm
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.3.2.2-1.el6op.src.rpm
rubygem-openshift-origin-node-1.23.9.26-1.el6op.src.rpm

noarch:
openshift-enterprise-release-2.1.9-1.el6op.noarch.rpm
openshift-enterprise-upgrade-node-2.1.9-1.el6op.noarch.rpm
openshift-enterprise-yum-validator-2.1.9-1.el6op.noarch.rpm
openshift-origin-cartridge-jbossews-1.22.3.7-1.el6op.noarch.rpm
openshift-origin-msg-node-mcollective-1.22.2.3-1.el6op.noarch.rpm
openshift-origin-node-util-1.22.20.5-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-apache-mod-rewrite-0.5.2.2-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-apache-vhost-0.5.2.6-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-apachedb-0.4.1.2-1.el6op.noarch.rpm
rubygem-openshift-origin-frontend-haproxy-sni-proxy-0.3.2.2-1.el6op.noarch.rpm
rubygem-openshift-origin-node-1.23.9.26-1.el6op.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-3602
https://access.redhat.com/security/cve/CVE-2014-3674
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
https://docs.redhat.com/en/documentation/OpenShift_Enterprise/2/html-single/2.1_Release_Notes/index.html#chap-Asynchronous_Errata_Updates

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUdMvPXlSAg2UNWIIRAl3BAJ9rQqkEpZf4eADw2UlOjewslifYTACcD1EL
/UsGQ44U3ghdvF3PGBBRVOM=
=Cp0R
-----END PGP SIGNATURE-----