what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-0855-01

Red Hat Security Advisory 2022-0855-01
Posted Mar 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0855-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with enhancements, security updates, and bug fixes. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-36221, CVE-2021-44716
SHA-256 | c7ffb9b0ddbcda4e64a2a548cfa00a66968d5a4477356b1839ca7d6670777ce4

Red Hat Security Advisory 2022-0855-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift sandboxed containers 1.2.0 security update
Advisory ID: RHSA-2022:0855-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0855
Issue date: 2022-03-14
CVE Names: CVE-2021-36221 CVE-2021-44716
====================================================================
1. Summary:

OpenShift sandboxed containers 1.2.0 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE links in the References section.

2. Description:

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with
enhancements, security updates, and bug fixes.

Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:

https://docs.openshift.com/container-platform/4.10/sandboxed_containers/sandboxed-containers-release-notes.html

Security Fixes:

* net/http: limit growth of header canonicalization cache (CVE-2021-44716)

* net/http/httputil: panic due to racy read of persistConn after handler
panic (CVE-2021-36221)

For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

5. JIRA issues fixed (https://issues.jboss.org/):

KATA-1015 - 1.2: unused sourceImage field in KataConfig is confusing
KATA-1019 - 1.2: annotations state Operator is only supported on OCP 4.8
KATA-1027 - Newer kata-containers shimv2 (from kata-2.2.0 onwards) doesn't work with OCP.
KATA-1118 - Attempt to uninstall while installation is in progress blocks
KATA-1134 - Metrics doesn't work with the latest runtime cgroups improvements and simplifications
KATA-1183 - security warning when creating daemonset for kata-monitor
KATA-1184 - MachineConfigPool kata-oc is not removed with KataConfig CRD is deleted
KATA-1189 - pods for kata-monitor daemonset don't start: SCC issues
KATA-1190 - Operator not reconciling when node labels are changed
KATA-1195 - Error: CreateContainer failed: Permission denied (os error 13): unknown
KATA-1205 - openshift-sandboxed-containers-operator namespace not labelled for kata metrics
KATA-1219 - kata-monitor will forget about a kata pod if an error happens while retrieving the metrics
KATA-1222 - daemonset creation fails with reconciler error
KATA-1224 - wrong channels and default version in internal build
KATA-1225 - upgrade from 1.1.0 to 1.2.0 failed
KATA-1247 - kataconfig can't be applied due to syntax error
KATA-1249 - use official pullspec for metrics daemonset as default in kataconfig CRD
KATA-1288 - changes to spec.kataMonitorImage are not reconciled
KATA-1334 - Unable to loop mount file based image inside Kata container
KATA-1340 - runtime installation shows no progress after creating kataconfig
KATA-1383 - fix RHSA-2022:0658 (cyrus-sasl)
KATA-553 - Worker node is not being created when scaling up a cluster with the Kata operator installed
KATA-588 - kata 2.0: stop a container spam crio logs continously
KATA-817 - There are no logs coming from kata-containers agent

6. References:

https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYjBXvtzjgjWX9erEAQjqww//RMCA4qDjnMLRInZJc/3rOsThXEsGG/v8
5ZRFWBfIy87MkhgiLR4MDdM2/EdOOhD27KBCZWC5mLvxM+y4GKRVR/nzYeYjf+L4
3bDg7Sx/e52yRpgMJ4Ld5EhmSwsREins6UlPlROr/O9UgDRaBBloENWCvaJr+iVN
o/uO5MjmHGrnBMixP8weVDAeC5fvBVtcNHXRiqcqIRf5XauFj2GwyOdfZR6KuzMr
H5M97bQa7bAYnDaeCSml+kjD3pSN/Eei+Ngj72x4kal+aQYf/lV1RCp6+BSZpTlG
v4UmGz1OJlrJspdeixwp6MQ9k+qthtpZcR1+oQwuTlfqWq7KtlX+hpv77KaGU0Nx
krqA5rmQJE1mNPQBcX1TbhlL+IayAAMUjG/U57k75Q8d9jFYsHtn7mCZtCcnjTei
7FxrH9cIJbzdC8Fg3FSsn0fg2ts3bVo8VFr6mLSTmnCTh0CoOkNi1VoUYmxOjnVE
Qan3wK+3F2ykVssUlGBnjSwP9FIxDILKBT5e+Ty+90v3PYx3H7wGY38AbgZrYMJP
SW0ha0Q+1TUcriLTgdJPHYctGWrWtINvCdZX7WuBwy1x90jz5hPz/whk31+8Ezz0
tWEyG6GBc2UxOZRBzQFVVqTZjxUUH961iGLLZEh/onvBWv9/XoFkZnlYRV4pm2EH
dtS2WFZnPsg=z3KT
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close