-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update
Advisory ID:       RHSA-2023:4437-01
Product:           Red Hat OpenShift Data Foundation
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4437
Issue date:        2023-08-02
CVE Names:         CVE-2022-46663 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                   CVE-2023-1255 CVE-2023-2650 CVE-2023-3089 CVE-2023-24329
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.1 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

* Previously, an empty screen was seen for the topology view of the external mode because in external mode the nodes are not labelled with the OCS label, so the topology view did not show the nodes at the first level. With this fix, the topology view is disabled for external mode clusters, and as a result the confusing empty screen is not displayed. (BZ#2213739)

* Previously, in MultiCloud Object Gateway (MCG), there was a significant degradation in performance with read and write operations of small objects. The degradation occurred because the Remote Procedure Calls (RPC) between the MCG endpoint and the core that were meant to be cached missed the cache each time, causing an RPC message between the endpoint and the core for every operation. With this fix, the cache lookup is corrected so that the existing data is found and not queried at each operation. (BZ#2215976)

* Previously, there were repeated crashes of the MultiCloud Object Gateway (MCG) Operator because the operator collided with updates to an internal structure while trying to print a debug message about that structure. With this release, the print is fixed so that there are no collisions, thereby avoiding the repeated crashes of the MCG Operator. (BZ#2216401)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2213456 - Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version
2213739 - Disable topology view for external mode
2216401 - [backport to 4.13.z] noobaa-operator pod shows multiple restarts
2218181 - [IBM Z/MDR]: With ACM 2.8 applying DRpolicy to subscription workload fails
2218316 - [DR][4.13] Pass-through CA certificates to Velero for k8s object protection to function
2218487 - [MDR][Fusion] PVC remain in pending state after successful failover
2224244 - [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4]

5. References:

https://access.redhat.com/security/cve/CVE-2022-46663
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJkyrqWAAoJENzjgjWX9erE1NMQAIC4nnvj3A+HlcoMKUfQOJVp
ewo1f8kXEXc1c7hJqoNzEgIVO3hBOBo/I0wXAUaeNFxSD9zgpuU543Nhj57tb33G
vYfSMKqUn7x4YPlUQixMPUk0OnEfFuEQXYOXqrcCrbMgGtWyaJwR/BU6HFdYBODd
cZ4TgJN4Nz/8Ci57E5n/C5csf14WGbh/QJY649C7K+nOLj1jNSoslCO4i9UyVoqo
qcLPtvP8QSLoyJZLszUczsqgH9VdUEn7LUYsEyNLwkf81aYsxgCN/Uu3M9uRsD11
bqhTR+Idlo1/oVhydVsLcVo6bIxzBK0JDOuOMb1Y1W/wJ+v6mDkFQWe1ha2jitqY
neAKrSqMdM0omKzRrdi3sI3FUADBBFujCsu0Xoe8/i/Tzrc6pEtPZj6nqu6GIwC2
AsBJJ0DhQBXIFtZ9cOY3Rh2X5V/p/C6XCRSQ55Fi7undYpItU2BkqA6ZauFLxBu1
7FWfFLZwiRvCeJ7XKh5GUUX94SxWVkBw2LDIxtgoZxwiCh5gbZBm/2dmco68eLjJ
w5+dugELgwxytRloAOhvh58dA3XyKM093K615Eov/LqwSdosmyR2GYRJOXNdLxnZ
XJh6R1kTc1ibsUnpPdanz5nEZcBhSlavDYtNv9JPtlS2xE07S+5RGj9g1WCiUY6D
vtbX1UW5Ud77UW2QB75X
=IJ+o
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.10.14 security and bug fix update
Advisory ID:       RHSA-2023:4241-01
Product:           Red Hat OpenShift Data Foundation
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4241
Issue date:        2023-07-20
CVE Names:         CVE-2020-24736 CVE-2023-1667 CVE-2023-2283 CVE-2023-3089
                   CVE-2023-24329 CVE-2023-26604
====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.10.14 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version (BZ#2213450)

* [odf 4.10.z] resolve the CVP failure for operators.openshift.io/valid-subscription annotation in the CSV (BZ#2222863)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2211595 - [ODF 4.10] [GSS] unknown parameter name "FORCE_OSD_REMOVAL"
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
2213450 - Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version
2222863 - [odf 4.10.z] resolve the CVP failure for operators.openshift.io/valid-subscription annotation in the CSV
2224269 - [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4.10]

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJkuoZmAAoJENzjgjWX9erE9nMP/15wYBGhFXcl8eOBMAQK+BAp
kE9Ad4Qz9j2pgbSnx1Tr6TXi7lllOj+TP61HY6YNN9Gre6x3EyZ3bMWM7u5bUZK5
f000XnXfJ+N3Wye1oRXepzFslDQ7c9jHyhZVCMwMvI9meP8I98Lhr3ezEBrY+8VY
KahH8N3Bd7PsqQ8CjYutxM13hacOrTBWE213nVMJ7MPtuMAaka+KcE5nSFcUtG5N
RI3OWnoey8RuZ/4E3Yuobl2ayukyMwCwVN85vmAlJEKJDbaT8yqvrJ3nT9Arquep
KIvQFzceljCWnmwLZ3jwMwLMBK9XJD/yq9504cpoUDrT6WGcGpqw1WdLf42uuvd6
gga9hC2qpPEBjs0FzG59SiEYjagG9rmjah+gLc1c2FqNZhY1t7PDBWLoo5JyAd5C
B3/Lt+dMw+W/Atts5VlwLMsFusKq9gJGYnbK4RrjEqca+hS2TnwcjckVHAUZeQRt
E87b8qXrGvE3FeN67eaYUkbJLoPzVdhdThhR4ebSIjb7bhngq5uJlTfsZiWIyqjV
cviiUYzwcv4vvg5MY2B09xDieHciF2HjHC7stLOrBrhRU6z+UOM1GqdDlC/pTdk6
veEm2rRVDrzyQnYw4yte9f8/UI+g6GATF8rd67VJbIChShYYeEzIFfUsx7J1hXn3
/8mvGXNOJVC2aEFyBI0h
=dERc
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update
Advisory ID:       RHSA-2023:1816-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1816
Issue date:        2023-04-17
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304 CVE-2022-4415
                   CVE-2022-4450 CVE-2022-40897 CVE-2022-41717 CVE-2022-45061
                   CVE-2022-48303 CVE-2023-0215 CVE-2023-0286 CVE-2023-23916
====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [backport 4.12] s3 sync directory to a bucket fails with Internal Error in between the upload operation (BZ#2170416)

* [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)

* [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442 to 4.12.z (BZ#2174335)

* [ODF 4.12] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA (BZ#2179978)

* [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO (BZ#2183198)

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
2171968 - [4.12 clone] [Noobaa] Secrets are used in env variables
2174335 - [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442 to 4.12.z
2175365 - [4.12.z] Upgrade from 4.12.0 to 4.12.1 doesn't work
2179978 - [ODF 4.12] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA
2183198 - [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO
2186455 - Include at ODF 4.12 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZEOpudzjgjWX9erEAQgudA//c1DhcceGIufqRhheeM1fMJLx1pr8aS5C
fVkwxXyNVip1BZta1fwLstIPEcbNG1Q3xCnjVmDqjxkG4sPh7HdkzmtIVdt9JSBX
3TKSqHUMtP7m1dtlP8xg2fyQ8Om7Ki9xE6KCkijR3TwDZMZOkFtRg6D9MbSPT7+s
3tvq+vEQ2HVr13KEdMC7kSSyvZsqLgCT3LcURFxn/rZipGy+DDJeK8uGhMe2uF43
QPsYBb0qhm2s6T+6QWhBPahOgDxqCtP8KSgO6RNuieubL/E+wr+sV8LBXkrPZ71N
QT6MEY7R8x5Af7+04t0INnFg2Bqo+eJPLPgLGpTqFtJeoDm0HAeqliHgv7SFqex5
FPArRIPPgzjjEFASv4dr1r4WKAr9PWaGCrFE4OZM2m5ibQi//SWJuEn1719T5WDf
+BGCJ8UfOWOX3J385rECIm2r0ZL5yPq2XBoPJUEcA0I0YSswlOjD6V6ovaROSNrh
NU2eA/xSj4vwDTEC+FojZAeL1IT7uAFUJCYMq+zcyqTFRE+C7tDo8zcnVuJVhHq2
xhezfIlbgBbcEHr5omqVp4utqDSCfYfhoGFxUJtW07iEJmq01R9lPsNbdVQsAGW4
8/Xt+P4wU6LIYNcAM4S5yxMy2KMN/rDKwoxSljg4I6dM8uWUJAF2iaGA1+T2dKq5
GfmMJLVuC8A=
=MYP7
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update
Advisory ID:       RHSA-2023:1170-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1170
Issue date:        2023-03-08
CVE Names:         CVE-2020-10735 CVE-2021-4238 CVE-2021-28861 CVE-2022-3650
                   CVE-2022-4415 CVE-2022-40897 CVE-2022-45061 CVE-2022-47629
====================================================================

1. Summary:

Red Hat OpenShift Data Foundation 4.12.1 Bug Fix Update

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix:

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Bug fixes:

* Previously, wrong and unclear error messages were displayed on the Failover/Relocate modal. With this fix, appropriate error messages with links to documentation are added to most of the error messages. (BZ#2161903)

* With this update, the read operations performance of the Multicloud Object Gateway database is improved. To achieve this, certain regular expressions used by some of the queries that run against the database to serve the required data are pre-compiled, which saves time when they run in real time. (BZ#2149861)

* Previously, the default container created in Azure was created with public access enabled. With this fix, the default container is created without public access enabled, which means `AllowBlobPublicAccess` is set to false. (BZ#2168838)

* With this update, the `multicluster-orchestrator` operator is listed under the operators supporting disconnected mode installations. To list this operator, the disconnected mode support annotation is added to the CSV, as the user interface (UI) uses this annotation. (BZ#2166223)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2123501 - [RDR] Pod stuck due to error "applyFSGroup failed for vol" for a PVC that was relocated
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
2159466 - [MDR RDR] Application user unable to invoke Failover and Relocate actions
2161652 - Namespace store fails to get created via the ODF UI
2165493 - [MCG] Azure bs/ns creation fails with target bucket does not exists
2165960 - [4.12.z clone] ocs-operator CSV is missing disconnected env annotation.
2166220 - [RFE] ODF bluewash introduction in 4.12.x
2166223 - CSV is missing disconnected env annotation and relatedImages spec
2167301 - [RFE] ODF bluewash introduction in 4.12.x
2167950 - CSV is missing disconnected env annotation and relatedImages spec
2168637 - fix redirect link to operator details page (OCS dashboard)
2170106 - Update to RHCS 5.3z1 Ceph container image at ODF-4.12.1
2170449 - Include at ODF 4.12 container images the RHEL8 CVE fix on "libksba"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-4238
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-3650
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZAkjw9zjgjWX9erEAQhvEhAAjCAp2/GQUI0yUkWoltJ1BKFH9lyeceh3
KuH5BTN/05smpatHAzv1FzQDXWDi5FdXw9F/EPGfKMK3V86LydVGMjg0OR+ay9NZ
ffx9V8RMpyogLX6/P17xtthp+6JHNAZrkjDgNADByVOQppKqQulMIgzsT4BqvuR7
kP/5PDmHdRv6667rTbJFnYJ/KbWq3Yw5yCfocuSViePFEBHcGKZhA39HSs4hWvVe
C7jKaK46AIJ5+mEyHzXHIvjb1VnEYdCHrOrYTf6OIx+TXdGnWi5oOQEFrxe/s7D5
G6mk/PAq42yNds/a7ZKg3kiDQhkjnL+2DejnIils2teLtGTSGSOsyv9qX3v0mAPP
SM/18C6zH6J1ZjAEIB6byhsGKPbhyi2CybBvTkoylri5oEnD6UR6Z8tREGNusSB8
aomD4SYAcLTZSE1/8pZzTvPmrsEc+fV8LztDYFOK9nm7BDvFPmtco4bpQPV2gT6H
xSYmRMhj5aGkg5YxS08+EvfS78VQqzxV+Jx5Hr0nU1QT5cugTgr+RxfBPEVyyAU6
yGg5+kqSa5jGxEJMlNt5NAAHckP7StDdPnye217S1b0P8oeY8EpYJ7xUjHmRuIHQ
Vkhp5LMnZFIJwv+Nh9EywMfhB3I9acMAQvRutW+IlY6L6XqJtenqbuUoWA4MO5vV
YImyLRk8vWk=
=6IQw
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
Advisory ID:       RHSA-2022:6156-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6156
Issue date:        2022-08-24
CVE Names:         CVE-2021-23440 CVE-2021-23566 CVE-2021-40528 CVE-2022-0235
                   CVE-2022-0536 CVE-2022-0670 CVE-2022-1292 CVE-2022-1586
                   CVE-2022-1650 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927
                   CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576
                   CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24675
                   CVE-2022-24771 CVE-2022-24772 CVE-2022-24773 CVE-2022-24785
                   CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27774
                   CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29526
                   CVE-2022-29810 CVE-2022-29824 CVE-2022-31129
====================================================================

1. Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* eventsource: Exposure of Sensitive Information (CVE-2022-1650)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)

* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)

* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)

* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery (CVE-2022-24771)

* node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

* node-forge: Signature verification leniency in checking `DigestInfo` structure (CVE-2022-24773)

* Moment.js: Path traversal in moment.locale (CVE-2022-24785)

* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

* golang: syscall: faccessat checks wrong group (CVE-2022-29526)

* go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1937117 - Deletion of StorageCluster doesn't remove ceph toolbox pod
1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified
1973317 - libceph: read_partial_message and bad crc/signature errors
1996829 - Permissions assigned to ceph auth principals when using external storage are too broad
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
2027724 - Warning log for rook-ceph-toolbox in ocs-operator log
2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056697 - odf-csi-addons-operator subscription failed while using custom catalog source
2058211 - Add validation for CIDR field in DRPolicy
2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced
2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10
2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE
2063691 - [GSS] [RFE] Add termination policy to s3 route
2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2066514 - OCS operator to install Ceph prometheus alerts instead of Rook
2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure
2069314 - OCS external mode should allow specifying names for all Ceph auth principals
2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster.
2069812 - must-gather: rbd_vol_and_snap_info collection is broken
2069815 - must-gather: essential rbd mirror command outputs aren't collected
2070542 - After creating a new storage system it redirects to 404 error page instead of the "StorageSystems" page for OCP 4.11
2071494 - [DR] Applications are not getting deployed
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty
2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled
2075426 - 4.10 must gather is not available after GA of 4.10
2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in "Progressing" state although all the openshift-storage pods are up and Running
2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost
2077242 - vg-manager missing permissions
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2079866 - [DR] odf-multicluster-console is in CLBO state
2079873 - csi-nfsplugin pods are not coming up after successful patch request to update "ROOK_CSI_ENABLE_NFS": "true"'
2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
2081680 - Add the LVM Operator into the Storage category in OperatorHub
2082028 - UI does not have the option to configure capacity, security and networks, etc. during storagesystem creation
2082078 - OBC's not getting created on primary cluster when manageds3 set as "true" for mirrorPeer
2082497 - Do not filter out removable devices
2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)
2083441 - LVM operator should deploy the volumesnapshotclass resource
2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status
2083993 - Add missing pieces for storageclassclaim
2084041 - [Console Migration] Link-able storage system name directs to blank page
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided"
2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates
2084546 - [Console Migration] Provider details absent under backing store in UI
2084565 - [Console Migration] The creation of new backing store, directs to a blank page
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred
2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace
2086557 - Thin pool in lvm operator doesn't use all disks
2086675 - [UI] No option to "add capacity" via the Installed Operators tab
2086982 - ODF 4.11 deployment is failing
2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm
2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown
2087107 - Set default storage class if none is set
2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message
2087675 - ocs-metrics-exporter pod crashes on odf v4.11
2087732 - [Console Migration] Events page missing under new namespace store
2087755 - [Console Migration] Bucket Class details page doesn't have the complete details in UI
2088359 - Send VGMetrics even if storage is being consumed from thinPool alone
2088380 - KMS using vault on standalone MCG cluster is not enabled
2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint
2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook
2089296 - [MS v2] Storage cluster in error phase and 'ocs-provider-qe' addon installation failed with ODF 4.10.2
2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts
2089397 - [GSS] OSD pods CLBO after upgrade to 4.10 from 4.9.
2089552 - [MS v2] Cannot create StorageClassClaim
2089567 - [Console Migration] Improve the styling of Various Components
2089786 - [Console Migration] "Attach to deployment" option is missing in kebab menu for Object Bucket Claims.
2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket.
2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed
2090278 - [LVMO] Some containers are missing resource requirements and limits
2090314 - [LVMO] CSV is missing some useful annotations
2090953 - [MCO] DRCluster created under default namespace
2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics
2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool.
2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference
2091681 - Auto replication policy type detection is not happening on DRPolicy creation page when ceph cluster is external
2091894 - All backingstores in cluster spontaneously change their own secret
2091951 - [GSS] OCS pods are restarting due to liveness probe failure
2091998 - Volume Snapshots not work with external restricted mode
2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool
2092217 - [External] UI for uploading JSON data for external cluster connection has some strict checks
2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)
2092349 - Enable zeroing on the thin-pool during creation
2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase
2092400 - [MS v2] StorageClassClaim creation is failing with error "no StorageCluster found"
2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically
2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected
2094179 - MCO fails to create DRClusters when replication mode is synchronous
2094853 - [Console Migration] Description under storage class drop down in add capacity is missing.
2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount 2095155 - Use tool `black` to format the python external script 2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster 2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time 2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page 2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened 2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False 2096937 - Storage - Data Foundation: i18n misses 2097216 - Collect StorageClassClaim details in must-gather 2097287 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page 2097305 - Add translations for ODF 4.11 2098121 - Managed ODF not getting detected 2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment 2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount 2099265 - [KMS] The storagesystemcreation page goes blank when KMS is enabled 2099581 - StorageClassClaim with encryption gets into Failed state 2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project 2099646 - Block pool list page kebab action menu is showing empty options 2099660 - OCS dashbaords not appearing unless user clicks on "Overview" Tab 2099724 - S3 secret namespace on the managed cluster doesn't match with the namespace in the s3profile 2099965 - rbd: provide option to disable setting metadata on RBD images 2100326 - [ODF to ODF] Volume snapshot creation failed 2100352 - Make lvmo pod labels more uniform 2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer 
than necessary 2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install 2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection 2103818 - Restored snapshot don't have any content 2104833 - Need to update configmap for IBM storage odf operator GA 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5.References: https://access.redhat.com/security/cve/CVE-2021-23440 https://access.redhat.com/security/cve/CVE-2021-23566 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-0670 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24771 https://access.redhat.com/security/cve/CVE-2022-24772 https://access.redhat.com/security/cve/CVE-2022-24773 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27774 
https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-29810 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-31129 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYwZpHdzjgjWX9erEAQgy1Q//QaStGj34eQ0ap5J5gCcC1lTv7U908fNy Xo7VvwAi67IslacAiQhWNyhg+jr1c46Op7kAAC04f8n25IsM+7xYYyieJ0YDAP7N b3iySRKnPI6I9aJlN0KMm7J1jfjFmcuPMrUdDHiSGNsmK9zLmsQs3dGMaCqYX+fY sJEDPnMMulbkrPLTwSG2IEcpqGH2BoEYwPhSblt2fH0Pv6H7BWYF/+QjxkGOkGDj gz0BBnc1Foir2BpYKv6/+3FUbcXFdBXmrA5BIcZ9157Yw3RP/khf+lQ6I1KYX1Am 2LI6/6qL8HyVWyl+DEUz0DxoAQaF5x61C35uENyh/U96sYeKXtP9rvDC41TvThhf mX4woWcUN1euDfgEF22aP9/gy+OsSyfP+SV0d9JKIaM9QzCCOwyKcIM2+CeL4LZl CSAYI7M+cKsl1wYrioNBDdG8H54GcGV8kS1Hihb+Za59J7pf/4IPuHy3Cd6FBymE hTFLE9YGYeVtCufwdTw+4CEjB2jr3WtzlYcSc26SET9aPCoTUmS07BaIAoRmzcKY 3KKSKi3LvW69768OLQt8UT60WfQ7zHa+OWuEp1tVoXe/XU3je42yuptCd34axn7E 2gtZJOocJxL2FtehhxNTx7VI3Bjy2V0VGlqqf1t6/z6r0IOhqxLbKeBvH9/XF/6V ERCapzwcRuQ=gV+z -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
Advisory ID: RHSA-2022:1372-01
Product: RHODF
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1372
Issue date: 2022-04-13
CVE Names: CVE-2021-29923 CVE-2021-34558 CVE-2021-36221 CVE-2021-43565 CVE-2021-44716 CVE-2021-44717
====================================================================

1. Summary:

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

Bug Fix(es):

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1898988 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster.
1954708 - [GSS][RFE] Restrict Noobaa from creating public endpoints for Azure Private Cluster
1956418 - [GSS][RFE] Automatic space reclamation for RBD
1970123 - [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2
1972190 - Attempt to remove pv-pool based noobaa-default-backing-store fails and makes this pool stuck in Rejected state
1974344 - critical ClusterObjectStoreState alert firing after installation of arbiter storage cluster, likely because ceph object user for cephobjectstore fails to be created, when storagecluster is reinstalled
1981341 - Changing a namespacestore's targetBucket field doesn't check whether the target bucket actually exists
1981694 - Restrict Noobaa from creating public endpoints for IBM ROKS Private cluster
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1991462 - helper pod runs with root privileges during Must-gather collection (affects ODF Managed Services)
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
1996830 - OCS external mode should allow specifying names for all Ceph auth principals
1996833 - ceph-external-cluster-details-exporter.py should have a read-only mode
1999689 - Integrate upgrade testing from ocs-ci to the acceptance job for final builds before important milestones
1999952 - Automate the creation of cephobjectstoreuser for obc metrics collector
2003532 - [Tracker for RHEL BZ #2008825] Node upgrade failed due to "expected target osImageURL" MCD error
2005801 - [KMS] Tenant config does not override backendpath if the key is specified in UPPER_CASE
2005919 - [DR] [Tracker for BZ #2008587] when Relocate action is performed and the Application is deleted completely rbd image is not getting deleted on secondary site
2021313 - [GSS] Cannot delete pool
2022424 - System capacity card shows infinity % as used capacity
2022693 - [RFE] ODF health should reflect the health of Ceph + NooBaa
2024107 - Retrieval of cached objects with `s3 sync` after change in object size in underlying storage results in an InvalidRange error
2024545 - Overprovision Level Policy Control doesn't support custom storageclass
2026007 - Use ceph 'osd safe-to-destroy' feature in OSD purge job
2027666 - [DR] CephBlockPool resources report wrong mirroringStatus
2027826 - OSD Removal template needs to expose option to force remove the OSD
2028559 - OBC stuck on pending post node failure recovery
2029413 - [DR] Dummy image size is same as the size of image for which it was created
2030602 - MCG not reporting standardized metric correctly for usage
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2030839 - Consecutive dashes in OBC name
2031023 - "dbStorageClassName" goes missing in storage cluster yaml for mcg standalone mode
2031705 - [GSS] OBC is not visible by admin of a Project on Console
2032404 - After a node restart, the RGW pod is stuck in a CrashLoopBackOff state
2032412 - [DR] After Failback and PVC deletion the rbd images are left in trash
2032656 - Rook not recovering when deleting osd deployment with kms encryption
2032969 - No RBD mirroring daemon down alert when daemon is down
2032984 - After creating a new SC it redirects to 404 error page instead of the "StorageSystems" page
2033251 - Fix ODF 4.9 compatibility with OCP 4.10
2034003 - NooBaa endpoint pod Terminated before new one comes in Running state after editing the configmap
2034805 - upgrade not started for ODF 4.10
2034904 - OCS operator version differs in CLI commands
2035774 - Must Gather, Ceph files do not exist on MG directory
2035995 - [GSS] odf-operator-controller-manager is in CLBO with OOM kill while upgrading OCS-4.8 to ODF-4.9
2036018 - ROOK_CSI_* overrides missing from the CSV in 4.10
2036211 - [GSS] noobaa-endpoint becomes CrashLoopBackOff when uploading metrics data to bucket
2037279 - [Azure] OSDs go into CLBO state while mounting an RBD PVC
2037318 - Helper Pod doesn't come up for MCG only must-gather
2037497 - Consecutive dashes in OBC name
2038884 - noobaa-operator is stuck in a CrashLoopBackOff (r.OBC is nil, invalid memory address or nil pointer dereference)
2039240 - [KMS] Deployment of ODF cluster fails when cluster wide encryption is enabled using service account for KMS auth
2040682 - [GSS] Complete multipart upload operation fails with error 'Cannot read property 'sort' of undefined'
2041507 - Missing add modal for action "add capacity" in UI
2042866 - must gather does not collect the yaml or describe output of the subscription
2043017 - "CSI Addons" operator is not hidden in OperatorHub and Installed Operators page
2043028 - the CSI-Addons sidecar is not automatically deployed, requires enabling in Rook ConfigMap
2043406 - ReclaimSpaceJob status showing "reclaimedSpace" value as "0"
2043513 - [Tracker for Ceph BZ 2044836] mon is in CLBO after upgrading to 4.10-113
2044447 - ODF 4.9 deployment fails when deployed using the ODF managed service deployer (ocs-osd-deployer)
2044823 - Update CSI sidecars to the latest release for 4.10
2045084 - [SNO] controller-manager state is CreateContainerError
2046186 - A TODO text block in the API browser
2046254 - Topolvm-controller is failing to pull image
2046677 - Reclaimspacecronjob is not created after adding the annotation reclaimspace.csiaddons.openshift.io/schedule in PVC
2046766 - [IBM Z]: csi-rbdplugin pods failed to come up due to ImagePullBackOff from the "csiaddons" registry
2046887 - use KMS_PROVIDER name for IBM key protect service as "ibmkeyprotect"
2047162 - ReclaimSpaceJob failing, fstrim is executed on a non-existing mountpoint/directory
2047201 - Add HPCS secret name to Ceph and NooBaa CR
2047562 - CSI Sidecar containers do not start
2047565 - PVC snapshot creation is not successful
2047625 - Dockerfile changes for topolvm
2047632 - mcg-operator failed to install on 4.10.0-126
2047642 - Replace alpine/openssl image in the downstream build
2048107 - vgmanager cannot list block devices on the node
2048370 - CSI-Addons controller makes node reclaimspace request even when the PVC is not mounted to any pod
2048458 - python exporter script 'ceph-external-cluster-details-exporter.py' error cap mon does not match on ODF 4.10
2049029 - MCG admission control webhooks don't work
2049075 - openshift-storage namespace is stuck in terminating state during uninstall due to remaining csi-addons resources
2049081 - ReclaimSpaceJob is failing for RBD RWX PVC
2049424 - ODF Provider/Consumer mode - backport for missing content
2049509 - ocs operator stuck on CrashLoopBackOff while installing with KMS
2049718 - provider/consumer Mode: rook-ceph-csi-config configmap needs to be updated with the relevant subvolumegroup information
2049727 - [DR] Mirror Peer stuck in ExchangingSecret State
2049771 - We can see 2 ODF Multicluster Orchestrator operators in operator hub page
2049790 - Add error handling for GetCurrentStorageClusterRef
2050056 - [GSS][KMS] Tenant configmap does not override vault namespace
2050142 - [DR] MCO operator is setting s3region as empty inside s3storeprofiles
2050402 - Ramen doesn't generate correct VRG spec in sync mode
2050483 - [DR] post creating MirrorPeer, the ramen config map had invalid values
2051249 - [GSS] noobaa-db-pg-0 Pod stuck in CrashLoopBackOff state
2051406 - Need commit hash in package json and logs
2051599 - Use AAD while unwrapping the KEY from HPCS/Key Protect KMS
2051913 - [KMS] Skip SC creation for vault SA based kms encryption
2052027 - cephfs: rados omap leak after delete snapshot
2052438 - [KMS] Storagecluster is in progressing state due to failed RGW deployment when using cluster wide encryption with kubernetes auth method
2052937 - [KMS] Auto-detection of KV version fails when using Vault namespaces
2052996 - ODF deployment fails using RHCS in external mode due to cephobjectstoreuser
2053156 - Avoid worldwide permission mode setting at time of nodestage of CephFS share
2053517 - [DR] Applications are not getting DR protected
2054147 - Provider/Consumer: Provider API server crashloopbackoff
2054755 - Update storagecluster API in the odf-operator
2061251 - [GSS] Object Upload failed with Unhandled exception when not using parameter "UseChunkEncoding = false" in s3 client in ODF 4.9

5. References:

https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-43565
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYlf0YdzjgjWX9erEAQiBfQ/9GAtNJ4oagyNDaHfbMaeGA/GCeiBiweH9
E3FYVd8Vedz6uxuL02Vm0yY6jlr7QWJADRExIEcRLZ63ctR4hdwzCs2EIWICEuSv
2Wl4MtVXTOe8b95UTNL8frkvTNoijGqAIN7NMpMenPeSJBM38Lwt/gAoYt4//CpK
afZmyfFTkGkoEGZ3hKvZpX2rQ/5zr1kAMErPZW71wctVcNAnv85DnThQQ+qy2UzI
xyBwU3gGUtTLzy7TRgauMbu8/y6JvRCsuoaeBUU4bLJIOL5ES851OpDP+nzGvx+H
M2yXB6ATHJ4YdqBM4wBCzXxApQD+FKFSCZoZMKpr1d1dZXPO0L0CUNFrNFHubLkk
xBLqFpHAEB89R+jZcrum1dBGEVB+Q2vqCRe6Udbjlyy20dS06jhBU8Zf2lt2Vo4u
Nfwpyb7rByXYXf0Bc+TYhXW6oIJSufvGWQp5pBkmlgi5YeV4VnHCEf4GuLbaPwFL
/009HbW6E1D+DTAbqUodpywOUEXeGZnNkSZH6xHazvNw4bXlCv+FlaMiKlrWIWMm
CZc98Enap/x84e0Py1gXNaReZedBBqi79US/zjKF9zr5r+yeat7zPAUduV69JMOh
vs5mXlCNc2JObCxEfYAGsI0LVOQQdaceIkUpUC9Ejq1Ei3ehhan6UxkFk5TJHOrF
TdB2/S/YEtk=
=2Ut5
-----END PGP SIGNATURE-----
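The Security Fix(es) in the 4.10.0 advisory above include CVE-2021-29923 (golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet). The following is an added example written for this page, not code from Red Hat, the Go project or ODF, showing why that class of bug matters and what the hardened rule looks like. A lenient decimal parser (the pre-fix Go behaviour) and an inet_aton(3)-style parser that treats a leading zero as octal turn the same string "010.0.0.1" into two different hosts, so an allow-list evaluated with one parser and a connection opened with the other can be bypassed. The strict parser rejects any octet with a leading zero, which is the rule net.ParseIP adopted when the CVE was fixed. All function names here (ParseIPv4Strict, ParseIPv4Lenient, Disagree) are this example's own; the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// ErrLeadingZero is returned for an octet such as "010" or "000": a lenient
// decimal parser reads it as 10 (or 0), an inet_aton-style parser reads the
// leading zero as octal, so one string can name two different hosts.
var ErrLeadingZero = errors.New("ipv4 octet has a leading zero (octal/decimal ambiguity)")

// splitOctets enforces the dotted-quad shape shared by both parsers below.
func splitOctets(s string) ([]string, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, fmt.Errorf("expected 4 octets, got %d", len(parts))
	}
	for _, p := range parts {
		if p == "" {
			return nil, errors.New("empty octet")
		}
	}
	return parts, nil
}

// ParseIPv4Strict is the hardened form: every octet is plain decimal, fits in a
// byte, and has no leading zero (a lone "0" is allowed). This is the rule Go's
// net.ParseIP applies since the fix for CVE-2021-29923.
func ParseIPv4Strict(s string) ([4]byte, error) {
	var ip [4]byte
	parts, err := splitOctets(s)
	if err != nil {
		return ip, err
	}
	for i, p := range parts {
		if len(p) > 1 && p[0] == '0' {
			return ip, ErrLeadingZero
		}
		n, err := strconv.ParseUint(p, 10, 8) // bitSize 8 rejects anything above 255
		if err != nil {
			return ip, fmt.Errorf("octet %q: %w", p, err)
		}
		ip[i] = byte(n)
	}
	return ip, nil
}

// ParseIPv4Lenient reproduces the two lenient behaviours found in the wild.
// With octalLeadingZero=false it acts like Go before the fix ("010" is decimal
// 10); with true it acts like C inet_aton(3) ("010" is octal 8). The hex and
// short forms inet_aton also accepts are left out to keep the comparison focused.
func ParseIPv4Lenient(s string, octalLeadingZero bool) ([4]byte, bool) {
	var ip [4]byte
	parts, err := splitOctets(s)
	if err != nil {
		return ip, false
	}
	for i, p := range parts {
		base := 10
		if octalLeadingZero && len(p) > 1 && p[0] == '0' {
			base, p = 8, p[1:]
		}
		n, err := strconv.ParseUint(p, base, 8)
		if err != nil {
			return ip, false
		}
		ip[i] = byte(n)
	}
	return ip, true
}

// Disagree reports whether the two lenient parsers accept s but map it to
// different addresses: the condition a filter built on one parser and a dialer
// built on the other can be tricked by.
func Disagree(s string) bool {
	a, okA := ParseIPv4Lenient(s, false)
	b, okB := ParseIPv4Lenient(s, true)
	return okA && okB && a != b
}

func main() {
	for _, s := range []string{"10.0.0.1", "010.0.0.1", "127.000.000.1"} {
		_, err := ParseIPv4Strict(s)
		fmt.Printf("%-14s strict=%v disagree=%v\n", s, err, Disagree(s))
	}
}
```

Running it shows "10.0.0.1" accepted by the strict parser with no disagreement, "010.0.0.1" rejected by the strict parser while the two lenient parsers disagree (10.0.0.1 vs 8.0.0.1), and "127.000.000.1" rejected by the strict parser even though both lenient parsers happen to agree on it; rejecting on shape rather than on observed disagreement is what keeps the check independent of whatever parser sits downstream.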