====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Network Observability 1.3.0 for OpenShift
Advisory ID:       RHSA-2023:3905-01
Product:           Network Observability
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3905
Issue date:        2023-06-28
CVE Names:         CVE-2022-28805 CVE-2022-36227 CVE-2023-0464
                   CVE-2023-0465 CVE-2023-0466 CVE-2023-1255
                   CVE-2023-2650 CVE-2023-24539 CVE-2023-24540
                   CVE-2023-27535 CVE-2023-29400
====================================================================

1. Summary:

Network Observability 1.3.0 for OpenShift

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Network Observability 1.3.0 is an OpenShift operator that provides a
monitoring pipeline to collect and enrich network flows that are produced by
the Network Observability eBPF agent. The operator provides dashboards and
metrics, and keeps flows accessible in a queryable log store, Grafana Loki.
When a FlowCollector is deployed, new dashboards are available in the
Console. This update contains bug fixes.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

* golang: html/template: improper sanitization of CSS values
(CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes
(CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

NETOBSERV-1003 - include metrics role and rolebinding in operator bundle
NETOBSERV-1070 - FLP metrics is not populated with TLS scheme
NETOBSERV-166 - Multitenancy support in Network Observability for project admins
NETOBSERV-391 - Metrics & prometheus setup - flow based dashboards and metrics
NETOBSERV-576 - Multi-arch builds - amd64, ppc64le, arm64
NETOBSERV-765 - Plugin's ServiceMonitor doesn't work
NETOBSERV-773 - Copy certificates across namespaces
NETOBSERV-776 - Implement RBAC control in Loki Gateway
NETOBSERV-901 - Console integration (admin perspective)
NETOBSERV-934 - Add SCTP/ICMPv4/ICMPv6 support to ebpf agent
NETOBSERV-971 - portNaming cannot be disabled
NETOBSERV-972 - user authentication fails for non-kubeadmin users despite they're in cluster-admin groups
NETOBSERV-976 - Not able to disable alerts
NETOBSERV-981 - add must-gather support for network-observability
NETOBSERV-984 - KafkaInterBrokerProtocalVersion throws warning and has ingestion errors

6. References:

https://access.redhat.com/security/cve/CVE-2022-28805
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.20 packages and security update
Advisory ID:       RHSA-2023:3409-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3409
Issue date:        2023-06-07
CVE Names:         CVE-2023-24540
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.20 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.12 - noarch
Red Hat OpenShift Container Platform 4.12 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.12.20. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2023:3410

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.12 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

5. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

6. Package List:

Red Hat OpenShift Container Platform 4.12:

Source:
NetworkManager-1.36.0-14.el8_6.src.rpm
buildah-1.23.4-4.1.rhaos4.12.el8.src.rpm
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el8.src.rpm
openshift-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el8.src.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.src.rpm
skopeo-1.9.4-2.1.rhaos4.12.el8.src.rpm

aarch64:
NetworkManager-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-adsl-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-adsl-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-bluetooth-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-cloud-setup-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-debugsource-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-libnm-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-libnm-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-libnm-devel-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-ovs-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-ovs-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-ppp-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-ppp-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-team-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-team-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-tui-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-tui-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-wifi-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-wifi-debuginfo-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-wwan-1.36.0-14.el8_6.aarch64.rpm
NetworkManager-wwan-debuginfo-1.36.0-14.el8_6.aarch64.rpm
buildah-1.23.4-4.1.rhaos4.12.el8.aarch64.rpm
buildah-debuginfo-1.23.4-4.1.rhaos4.12.el8.aarch64.rpm
buildah-debugsource-1.23.4-4.1.rhaos4.12.el8.aarch64.rpm
buildah-tests-1.23.4-4.1.rhaos4.12.el8.aarch64.rpm
buildah-tests-debuginfo-1.23.4-4.1.rhaos4.12.el8.aarch64.rpm
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el8.aarch64.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el8.aarch64.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el8.aarch64.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.aarch64.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el8.aarch64.rpm
skopeo-1.9.4-2.1.rhaos4.12.el8.aarch64.rpm
skopeo-debuginfo-1.9.4-2.1.rhaos4.12.el8.aarch64.rpm
skopeo-debugsource-1.9.4-2.1.rhaos4.12.el8.aarch64.rpm
skopeo-tests-1.9.4-2.1.rhaos4.12.el8.aarch64.rpm

noarch:
NetworkManager-config-connectivity-redhat-1.36.0-14.el8_6.noarch.rpm
NetworkManager-config-server-1.36.0-14.el8_6.noarch.rpm
NetworkManager-dispatcher-routing-rules-1.36.0-14.el8_6.noarch.rpm

ppc64le:
NetworkManager-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-adsl-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-adsl-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-bluetooth-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-cloud-setup-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-debugsource-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-libnm-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-libnm-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-libnm-devel-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-ovs-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-ovs-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-ppp-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-ppp-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-team-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-team-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-tui-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-tui-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-wifi-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-wifi-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-wwan-1.36.0-14.el8_6.ppc64le.rpm
NetworkManager-wwan-debuginfo-1.36.0-14.el8_6.ppc64le.rpm
buildah-1.23.4-4.1.rhaos4.12.el8.ppc64le.rpm
buildah-debuginfo-1.23.4-4.1.rhaos4.12.el8.ppc64le.rpm
buildah-debugsource-1.23.4-4.1.rhaos4.12.el8.ppc64le.rpm
buildah-tests-1.23.4-4.1.rhaos4.12.el8.ppc64le.rpm
buildah-tests-debuginfo-1.23.4-4.1.rhaos4.12.el8.ppc64le.rpm
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el8.ppc64le.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el8.ppc64le.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el8.ppc64le.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el8.ppc64le.rpm
skopeo-1.9.4-2.1.rhaos4.12.el8.ppc64le.rpm
skopeo-debuginfo-1.9.4-2.1.rhaos4.12.el8.ppc64le.rpm
skopeo-debugsource-1.9.4-2.1.rhaos4.12.el8.ppc64le.rpm
skopeo-tests-1.9.4-2.1.rhaos4.12.el8.ppc64le.rpm

s390x:
NetworkManager-1.36.0-14.el8_6.s390x.rpm
NetworkManager-adsl-1.36.0-14.el8_6.s390x.rpm
NetworkManager-adsl-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-bluetooth-1.36.0-14.el8_6.s390x.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-cloud-setup-1.36.0-14.el8_6.s390x.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-debugsource-1.36.0-14.el8_6.s390x.rpm
NetworkManager-libnm-1.36.0-14.el8_6.s390x.rpm
NetworkManager-libnm-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-libnm-devel-1.36.0-14.el8_6.s390x.rpm
NetworkManager-ovs-1.36.0-14.el8_6.s390x.rpm
NetworkManager-ovs-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-ppp-1.36.0-14.el8_6.s390x.rpm
NetworkManager-ppp-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-team-1.36.0-14.el8_6.s390x.rpm
NetworkManager-team-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-tui-1.36.0-14.el8_6.s390x.rpm
NetworkManager-tui-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-wifi-1.36.0-14.el8_6.s390x.rpm
NetworkManager-wifi-debuginfo-1.36.0-14.el8_6.s390x.rpm
NetworkManager-wwan-1.36.0-14.el8_6.s390x.rpm
NetworkManager-wwan-debuginfo-1.36.0-14.el8_6.s390x.rpm
buildah-1.23.4-4.1.rhaos4.12.el8.s390x.rpm
buildah-debuginfo-1.23.4-4.1.rhaos4.12.el8.s390x.rpm
buildah-debugsource-1.23.4-4.1.rhaos4.12.el8.s390x.rpm
buildah-tests-1.23.4-4.1.rhaos4.12.el8.s390x.rpm
buildah-tests-debuginfo-1.23.4-4.1.rhaos4.12.el8.s390x.rpm
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el8.s390x.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el8.s390x.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el8.s390x.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el8.s390x.rpm
skopeo-1.9.4-2.1.rhaos4.12.el8.s390x.rpm
skopeo-debuginfo-1.9.4-2.1.rhaos4.12.el8.s390x.rpm
skopeo-debugsource-1.9.4-2.1.rhaos4.12.el8.s390x.rpm
skopeo-tests-1.9.4-2.1.rhaos4.12.el8.s390x.rpm

x86_64:
NetworkManager-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-adsl-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-adsl-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-bluetooth-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-bluetooth-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-cloud-setup-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-cloud-setup-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-debugsource-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-libnm-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-libnm-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-libnm-devel-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-ovs-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-ovs-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-ppp-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-ppp-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-team-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-team-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-tui-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-tui-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-wifi-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-wifi-debuginfo-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-wwan-1.36.0-14.el8_6.x86_64.rpm
NetworkManager-wwan-debuginfo-1.36.0-14.el8_6.x86_64.rpm
buildah-1.23.4-4.1.rhaos4.12.el8.x86_64.rpm
buildah-debuginfo-1.23.4-4.1.rhaos4.12.el8.x86_64.rpm
buildah-debugsource-1.23.4-4.1.rhaos4.12.el8.x86_64.rpm
buildah-tests-1.23.4-4.1.rhaos4.12.el8.x86_64.rpm
buildah-tests-debuginfo-1.23.4-4.1.rhaos4.12.el8.x86_64.rpm
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el8.x86_64.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el8.x86_64.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el8.x86_64.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el8.x86_64.rpm
skopeo-1.9.4-2.1.rhaos4.12.el8.x86_64.rpm
skopeo-debuginfo-1.9.4-2.1.rhaos4.12.el8.x86_64.rpm
skopeo-debugsource-1.9.4-2.1.rhaos4.12.el8.x86_64.rpm
skopeo-tests-1.9.4-2.1.rhaos4.12.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.12:

Source:
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el9.src.rpm
openshift-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el9.src.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.src.rpm

aarch64:
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el9.aarch64.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el9.aarch64.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el9.aarch64.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.aarch64.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el9.aarch64.rpm

ppc64le:
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el9.ppc64le.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el9.ppc64le.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el9.ppc64le.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.ppc64le.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el9.ppc64le.rpm

s390x:
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el9.s390x.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el9.s390x.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el9.s390x.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.s390x.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el9.s390x.rpm

x86_64:
cri-o-1.25.3-5.rhaos4.12.git44a2cb2.el9.x86_64.rpm
cri-o-debuginfo-1.25.3-5.rhaos4.12.git44a2cb2.el9.x86_64.rpm
cri-o-debugsource-1.25.3-5.rhaos4.12.git44a2cb2.el9.x86_64.rpm
openshift-clients-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.x86_64.rpm
openshift-clients-redistributable-4.12.0-202305301015.p0.g97c75d0.assembly.stream.el9.x86_64.rpm
openshift-hyperkube-4.12.0-202305301919.p0.g3fe2906.assembly.stream.el9.x86_64.rpm

Ironic content for Red Hat OpenShift Container Platform 4.12:

Source:
openstack-ironic-21.0.1-0.20230510075533.c4154f7.el9.src.rpm

noarch:
openstack-ironic-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm
openstack-ironic-api-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm
openstack-ironic-common-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm
openstack-ironic-conductor-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm
openstack-ironic-dnsmasq-tftp-server-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm
python3-ironic-tests-21.0.1-0.20230510075533.c4154f7.el9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Advisory ID:       RHSA-2023:0584-01
Product:           OSSO
Advisory URL:
Issue date:        2023-05-18
CVE Names:         CVE-2021-46848 CVE-2022-1304 CVE-2022-1586
                   CVE-2022-2880 CVE-2022-4304 CVE-2022-4415
                   CVE-2022-4450 CVE-2022-22624 CVE-2022-22628
                   CVE-2022-22629 CVE-2022-22662 CVE-2022-26700
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27664
                   CVE-2022-30293 CVE-2022-32189 CVE-2022-32190
                   CVE-2022-34903 CVE-2022-35737 CVE-2022-40303
                   CVE-2022-40304 CVE-2022-41715 CVE-2022-41717
                   CVE-2022-41724 CVE-2022-41725 CVE-2022-42898
                   CVE-2022-47629 CVE-2023-0215 CVE-2023-0286
                   CVE-2023-0361 CVE-2023-23916
====================================================================

1. Summary:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1

Security Fix(es):

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)

* golang: net/url: JoinPath does not strip relative path components in all
circumstances (CVE-2022-32190)

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)

* golang: crypto/tls: large handshake records may cause panics
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive
resource consumption (CVE-2022-41725)

* golang: math/big: decoding big.Float and big.Rat types can panic if the
encoded message is too short, potentially allowing a denial of service
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

WRKLDS-653 - New SSO 1.1.1 release to address existing CVEs

6. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1586
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-32189
https://access.redhat.com/security/cve/CVE-2022-32190
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.4.12 - Red Hat OpenShift
Advisory ID:       RHSA-2023:0931-01
Product:           Logging Subsystem for Red Hat OpenShift
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0931
Issue date:        2023-03-08
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4415
                   CVE-2022-40897 CVE-2022-41717 CVE-2022-45061
                   CVE-2022-48303
====================================================================

1. Summary:

Logging Subsystem 5.4.12 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.12 - Red Hat OpenShift

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Logging Subsystem 5.6.3 - Red Hat OpenShift
Advisory ID: RHSA-2023:0932-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0932
Issue date: 2023-03-08
CVE Names: CVE-2020-10735 CVE-2021-28861 CVE-2022-2873 CVE-2022-4415
           CVE-2022-24999 CVE-2022-40897 CVE-2022-41222 CVE-2022-41717
           CVE-2022-43945 CVE-2022-45061 CVE-2022-48303
====================================================================

1. Summary:

Logging Subsystem 5.6.3 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.6.3 - Red Hat OpenShift

Security Fix(es):

* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3717 - [release-5.6] Store tenant.yaml in secret instead of configmap
LOG-3729 - [release-5.6] /var/log/oauth-server/audit.log not being scraped by log collector

6. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-2873
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-24999
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-41222
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-43945
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.8.53 bug fix and security update
Advisory ID: RHSA-2022:7874-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7874
Issue date: 2022-11-18
CVE Names: CVE-2021-45485 CVE-2021-45486 CVE-2022-2588 CVE-2022-21123
           CVE-2022-21125 CVE-2022-21166 CVE-2022-21618 CVE-2022-21619
           CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-26945
           CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 CVE-2022-39399
           CVE-2022-41974
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2022:7873

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

Security Fix(es):

* go-getter: command injection vulnerability (CVE-2022-26945)
* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, and ppc64le architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:ac2bbfa7036c64bbdb44f9a74df3dbafcff1b851d812bf2a48c4fabcac3c7a53

(For s390x architecture)
The image digest is sha256:ac2c74a664257cea299126d4f789cdf9a5a4efc4a4e8c2361b943374d4eb21e4

(For ppc64le architecture)
The image digest is sha256:53adc42ed30ad39d7117837dbf5a6db6943a8f0b3b61bc0d046b83394f5c28b2

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/updating_clusters/updating-cluster-cli

4. Bugs fixed (https://bugzilla.redhat.com/):

2077100 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OCPBUGS-2205 - Prefer local dns does not work expectedly on OCPv4.8
OCPBUGS-2347 - [cluster-api-provider-baremetal] fix 4.8 build
OCPBUGS-2577 - [4.8] ETCD Operator goes degraded when a second internal node ip is added
OCPBUGS-2773 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
OCPBUGS-2989 - [4.8] cri-o should report the stage of container and pod creation it's stuck at

6. References:

https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/cve/CVE-2022-21618
https://access.redhat.com/security/cve/CVE-2022-21619
https://access.redhat.com/security/cve/CVE-2022-21624
https://access.redhat.com/security/cve/CVE-2022-21626
https://access.redhat.com/security/cve/CVE-2022-21628
https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/cve/CVE-2022-39399
https://access.redhat.com/security/cve/CVE-2022-41974
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update
Advisory ID: RHSA-2022:7435-01
Product: Logging Subsystem for Red Hat OpenShift
Advisory URL: https://access.redhat.com/errata/RHSA-2022:7435
Issue date: 2022-11-16
CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2020-36518
           CVE-2022-1304 CVE-2022-2509 CVE-2022-3515 CVE-2022-22624
           CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700
           CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717
           CVE-2022-26719 CVE-2022-30293 CVE-2022-32149 CVE-2022-37434
           CVE-2022-40674 CVE-2022-42003 CVE-2022-42004
====================================================================

1. Summary:

An update is now available for Logging subsystem for Red Hat OpenShift 5.4.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.8 - Red Hat OpenShift

Security Fix(es):

* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/logging/release-notes

For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/logging/cluster-logging-upgrading

4. Bugs fixed (https://bugzilla.redhat.com/):

2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

LOG-3250 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-3252 - [release-5.4] Adding Valid Subscription Annotation

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2020-36518
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3515
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-32149
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-40674
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.8.49 security update
Advisory ID: RHSA-2022:6308-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6308
Issue date: 2022-09-14
CVE Names: CVE-2021-39226 CVE-2022-0494 CVE-2022-1353 CVE-2022-2526
           CVE-2022-26945 CVE-2022-29154 CVE-2022-30321 CVE-2022-30322
           CVE-2022-30323 CVE-2022-30631
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.8.49 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.49. There are no RPMs for this release.

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* grafana: Snapshot authentication bypass (CVE-2021-39226)
* go-getter: command injection vulnerability (CVE-2022-26945)
* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)
* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)
* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-x86_64
The image digest is sha256:ba6831ecc01cc2b3bfdd8f719e7a9384a877767fe90272a2becee7d7b6c9307c

(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-s390x
The image digest is sha256:73f2aa3c7ebd443bf7c76e8434975f14e52e9312425cd62b9368697afe4542b0

(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.49-ppc64le
The image digest is sha256:cc18f0f9dae56a3e630f87c3054ca1d0b807d8524369735e7a0c47297833f661

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/updating_clusters/updating-cluster-cli

3. Solution:

For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/release_notes/ocp-4-8-release-notes

Details on how to access this content are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.8/html/updating_clusters/updating-cluster-cli

4. Bugs fixed (https://bugzilla.redhat.com/):

1881882 - [RHCOS] Cannot access to the service's externalIP with egressIP from some pods
1959706 - QuorumGuardController_Error QuorumGuardControllerDegraded: the server could not find the requested resource
1991938 - Upgrading descheduler operator from 4.8 to 4.9 or installing latest 4.8 operator fails
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2064860 - ip-reconcile job is failing consistently
2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability
2095210 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
2098252 - [4.8] Bootimage bump tracker
2105159 - crio umask sometimes set to 0000 [4.8]
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2112999 - sum_irate doesn't work in OCP 4.8
2113998 - NetworkManager didn't automatically renew the lease on the VLAN interface configured using nmstate
2115039 - [4.8] On updating cluster from 4.8.34=> 4.8.43, cu has noticed stale iptables rules that cause SVC of type LB to fail after redeployment of pods

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-580 - [release-4.8] Gather ODF CephCluster resource status
OCPBUGS-604 - CI failing tests: Create namespace from install operators creates namespace from operator install page

6. References:

https://access.redhat.com/security/cve/CVE-2021-39226
https://access.redhat.com/security/cve/CVE-2022-0494
https://access.redhat.com/security/cve/CVE-2022-1353
https://access.redhat.com/security/cve/CVE-2022-2526
https://access.redhat.com/security/cve/CVE-2022-26945
https://access.redhat.com/security/cve/CVE-2022-29154
https://access.redhat.com/security/cve/CVE-2022-30321
https://access.redhat.com/security/cve/CVE-2022-30322
https://access.redhat.com/security/cve/CVE-2022-30323
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.