-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift sandboxed containers 1.4.1 security update
Advisory ID:       RHSA-2023:4290-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4290
Issue date:        2023-07-27
CVE Names:         CVE-2020-24736 CVE-2021-46848 CVE-2022-1271
                   CVE-2022-1304 CVE-2022-2509 CVE-2022-3715
                   CVE-2022-28805 CVE-2022-34903 CVE-2022-35737
                   CVE-2022-36227 CVE-2022-40303 CVE-2022-40304
                   CVE-2022-47629 CVE-2023-0464 CVE-2023-0465
                   CVE-2023-0466 CVE-2023-1255 CVE-2023-1667
                   CVE-2023-2283 CVE-2023-2650 CVE-2023-3089
                   CVE-2023-24329 CVE-2023-26604
=====================================================================

1. Summary:

OpenShift sandboxed containers 1.4.1 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains a security update for OpenShift sandboxed
containers, as well as bug fixes.

Security fix:

* A compliance problem was found in the Red Hat OpenShift Container
Platform. Red Hat discovered that when FIPS mode was enabled, not all of the
cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

For more information about the additional fixes in this release, see the
Release Notes documentation:
https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

KATA-2121 - taints/tolerations from kata-monitor daemonset removed by reconciliation
KATA-2212 - operator, must-gather, and cloud-api-adapter dockerfiles use ubi8 base images
KATA-2299 - 1.4.1 build showing 1.4.0 version
OCPBUGS-15175 - [Major Incident] CVE-2023-3089 osc-operator-container: openshift: OCP & FIPS mode [rhosc-1-4]

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-3715
https://access.redhat.com/security/cve/CVE-2022-28805
https://access.redhat.com/security/cve/CVE-2022-34903
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift sandboxed containers 1.2.0 security update
Advisory ID:       RHSA-2022:0855-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0855
Issue date:        2022-03-14
CVE Names:         CVE-2021-36221 CVE-2021-44716
====================================================================

1. Summary:

OpenShift sandboxed containers 1.2.0 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE links in the References section.

2. Description:

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with
enhancements, security updates, and bug fixes.

Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/sandboxed_containers_support_for_openshift/index

Security Fixes:

* net/http: limit growth of header canonicalization cache (CVE-2021-44716)

* net/http/httputil: panic due to racy read of persistConn after handler
panic (CVE-2021-36221)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

4. Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

KATA-1015 - 1.2: unused sourceImage field in KataConfig is confusing
KATA-1019 - 1.2: annotations state Operator is only supported on OCP 4.8
KATA-1027 - Newer kata-containers shimv2 (from kata-2.2.0 onwards) doesn't work with OCP.
KATA-1118 - Attempt to uninstall while installation is in progress blocks
KATA-1134 - Metrics doesn't work with the latest runtime cgroups improvements and simplifications
KATA-1183 - security warning when creating daemonset for kata-monitor
KATA-1184 - MachineConfigPool kata-oc is not removed with KataConfig CRD is deleted
KATA-1189 - pods for kata-monitor daemonset don't start: SCC issues
KATA-1190 - Operator not reconciling when node labels are changed
KATA-1195 - Error: CreateContainer failed: Permission denied (os error 13): unknown
KATA-1205 - openshift-sandboxed-containers-operator namespace not labelled for kata metrics
KATA-1219 - kata-monitor will forget about a kata pod if an error happens while retrieving the metrics
KATA-1222 - daemonset creation fails with reconciler error
KATA-1224 - wrong channels and default version in internal build
KATA-1225 - upgrade from 1.1.0 to 1.2.0 failed
KATA-1247 - kataconfig can't be applied due to syntax error
KATA-1249 - use official pullspec for metrics daemonset as default in kataconfig CRD
KATA-1288 - changes to spec.kataMonitorImage are not reconciled
KATA-1334 - Unable to loop mount file based image inside Kata container
KATA-1340 - runtimeinstallation shows no progress after creating kataconfig
KATA-1383 - fix RHSA-2022:0658 (cyrus-sasl)
KATA-553 - Worker node is not being created when scaling up a cluster with the Kata operator installed
KATA-588 - kata 2.0: stop a container spam crio logs continously
KATA-817 - There are no logs coming from kata-containers agent

6. References:

https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----