
Red Hat Security Advisory 2022-0577-01

Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0577-01 - Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2020-28851, CVE-2020-28852, CVE-2021-29923, CVE-2021-3121, CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3521, CVE-2021-36221, CVE-2021-3712, CVE-2021-42574, CVE-2022-24407
SHA-256 | 46a08de5d03a31ae3c0835a6727df01e33108a18746235e493a42ff7c3841cd4

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
Advisory ID: RHSA-2022:0577-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0577
Issue date: 2022-03-28
CVE Names: CVE-2020-28851 CVE-2020-28852 CVE-2021-3121
CVE-2021-3521 CVE-2021-3712 CVE-2021-29923
CVE-2021-31525 CVE-2021-33195 CVE-2021-33197
CVE-2021-33198 CVE-2021-34558 CVE-2021-36221
CVE-2021-42574 CVE-2022-24407
=====================================================================

1. Summary:

The components for Windows Container Support for Red Hat OpenShift 5.0.0
are now available. This product release includes bug fixes and a moderate
security update for the following packages: windows-machine-config-operator
and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Windows Container Support for Red Hat OpenShift allows you to deploy
Windows container workloads running on Windows Server containers.

Security Fix(es):

* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing
bcp47 tag (CVE-2020-28852)
* golang: net: incorrect parsing of extraneous zero characters at the
beginning of an IP address octet (CVE-2021-29923)
* golang: net/http: panic in ReadRequest and ReadResponse when reading a
very large header (CVE-2021-31525)
* golang: net: lookup functions may return invalid host names
(CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)
* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
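As an added example (not code from the advisory or from the Go standard library's fix) of the defensive check behind the CVE-2021-29923 entry above: a strict dotted-quad validator that refuses octets with leading zeros before calling net.ParseIP, so that a Go-side allow/deny list cannot disagree with a client that reads such octets as octal. The function name, error strings and sample inputs are my own.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// strictIPv4 accepts only canonical dotted-quad IPv4 text: exactly four
// decimal octets, each 0-255, with no leading zeros. It then defers to
// net.ParseIP for the final range check. Go releases before the fix for
// CVE-2021-29923 accepted "010.0.0.1" and read the octet as decimal 10,
// while many other stacks read it as octal 8, so a filter and the actual
// connection could resolve to different hosts.
// (Example code added here; not the advisory's or Go's own.)
func strictIPv4(s string) (net.IP, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, fmt.Errorf("%q: want 4 octets, got %d", s, len(parts))
	}
	for _, p := range parts {
		if p == "" || len(p) > 3 {
			return nil, fmt.Errorf("%q: octet %q has bad length", s, p)
		}
		if len(p) > 1 && p[0] == '0' {
			return nil, fmt.Errorf("%q: octet %q has a leading zero", s, p)
		}
		for _, c := range p {
			if c < '0' || c > '9' {
				return nil, fmt.Errorf("%q: octet %q is not decimal", s, p)
			}
		}
	}
	// The numeric range check (e.g. "999.0.0.1") is left to the standard library.
	ip := net.ParseIP(s)
	if ip == nil {
		return nil, fmt.Errorf("%q: not a valid IPv4 address", s)
	}
	return ip, nil
}

func main() {
	// Constructed sample inputs: one canonical address and three that must be refused.
	for _, s := range []string{"10.0.0.1", "010.0.0.1", "999.0.0.1", "127.1"} {
		ip, err := strictIPv4(s)
		fmt.Printf("%-10s -> ip=%v err=%v\n", s, ip, err)
	}
}
```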

3. Solution:

For Windows Machine Config Operator upgrades, see the following
documentation:
https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1990573 - Username annotation error when byoh Windows have uppercase hostname
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1992841 - Deleting Machine Node object throws reconciliation error after WMCO restart
1994859 - Windows Containers on Windows Nodes get assigned the DNS Server IP “172.30.0.10”, which is wrong, if the default kubernetes subnet is not used
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2000772 - WMCO fails to configure VMs with Powershell set as the default SSH shell
2001547 - BYOH Windows instance configured with DNS name got deconfigured immediately on UPI baremetal
2002961 - CSR reconciler report error constantly when BYOH CSR approved by other Approver
2005360 - BYOH Windows instance configured twice with DNS name
2008601 - WMCO ignores delete events for machines with invalid IP addresses
2015772 - Replacing private key reconcile 2 Windows nodes in parallel
2032048 - CSR approval failures caused by update conflicts

5. JIRA issues fixed (https://issues.jboss.org/):

WINC-747 - Windows Container Support for Red Hat OpenShift 5.0.0 release

6. References:

https://access.redhat.com/security/cve/CVE-2020-28851
https://access.redhat.com/security/cve/CVE-2020-28852
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-31525
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce