what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-6103-01

Red Hat Security Advisory 2022-6103-01
Posted Aug 24, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6103-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.1.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-1012, CVE-2022-1292, CVE-2022-1586, CVE-2022-1785, CVE-2022-1897, CVE-2022-1927, CVE-2022-2068, CVE-2022-2097, CVE-2022-30629, CVE-2022-30631, CVE-2022-32250
SHA-256 | 9ed4a54b3aed43ac3112247709b1be7d05294778451baf8ae63150805dcdde86

Red Hat Security Advisory 2022-6103-01

Change Mirror Download
Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update
Advisory ID: RHSA-2022:6103-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6103
Issue date: 2022-08-23
CVE Names: CVE-2022-1012 CVE-2022-1292 CVE-2022-1586
CVE-2022-1785 CVE-2022-1897 CVE-2022-1927
CVE-2022-2068 CVE-2022-2097 CVE-2022-30629
CVE-2022-30631 CVE-2022-32250
1. Summary:

Red Hat OpenShift Container Platform release 4.11.1 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.11.1. See the following advisory for the RPM packages for this


Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:


Security Fix(es):

* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: crypto/tls: session tickets lack random ticket_age_add

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
listed in the References section.

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info

The image digest is

(For s390x architecture)

$ oc adm release info

The image digest is

(For ppc64le architecture)

$ oc adm release info

The image digest is

(For aarch64 architecture)

$ oc adm release info

The image digest is

All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata


Details on how to access this content are available at

4. Bugs fixed (https://bugzilla.redhat.com/):

2033256 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the module.vpc.aws_route_table.private_routes resource
2040715 - post 1.23 rebase: regression in service-load balancer reliability
2063622 - Failed to install the podman package from repo rhocp-4.10-for-rhel-8-x86_64-rpms
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2102576 - [4.11] [Cluster storage Operator] DefaultStorageClassController report fake message "No default StorageClass for this platform" on azure and openstack
2103638 - No need to pass to-image-base for `oc adm release new` command when use --from-release
2103899 - [OVN] bonding fails after active-backup fail-over and reboot, kargs static IP
2104386 - OVS-Configure doesn't iterate connection names containing spaces correctly
2104435 - [dpu-network-operator] Updating images to be consistent with ART
2104510 - Update ose-machine-config-operator images to be consistent with ART
2104687 - MCP upgrades can stall waiting for master node reboots since MCC no longer gets drained
2105056 - Openshift-Ansible RHEL 8 CI update
2105444 - [OVN] Node to service traffic is blocked if service is "internalTrafficPolicy: Local" even backed pod is on the same node
2106772 - openshift4/ose-operator-registry image is vulnerable to multiple CVEs
2106795 - crio umask sometimes set to 0000
2107003 - The bash completion doesn't work for get subcommand
2107045 - OLM updates namespace labels even if they haven't changed
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107777 - Pipeline status filter and status colors doesn't work correctly with non-english languages
2107871 - Import: Advanced option sentence is splited into two parts and headlines has no padding
2108021 - Machine Controller stuck with Terminated Instances while Provisioning on AWS
2109052 - Add to application dropdown options are not visible on application-grouping sidebar action dropdown.
2109205 - HTTPS_PROXY ENV missing in some CSI driver operators
2109270 - Kube controllers crash when nodes are shut off in OpenStack
2109489 - Reply to arp requests on interfaces with no ip
2109709 - Namespace value is missing on the list when selecting "All namespaces" for operators
2109731 - alertmanager-main pods failing to start due to startupprobe timeout
2109866 - Cannot delete a Machine if a VM got stuck in ERROR
2109977 - storageclass should not be created for unsupported vsphere version
2110482 - [vsphere] failed to create cluster if datacenter is embedded in a Folder
2110723 - openshift-tests: allow -f to match tests for any test suite
2110737 - Master node in SchedulingDisabled after upgrade from 4.10.24 -> 4.11.0-rc.4
2111037 - Affinity rule created in console deployment for single-replica infrastructure
2111347 - dummy bug for 4.10.z bz2111335
2111471 - Node internal DNS address is not set for machine
2111475 - Fetch internal IPs of vms from dhcp server
2111587 - [4.11] Export OVS metrics
2111619 - Pods are unable to reach clusterIP services, ovn-controller isn't installing the group mod flows correctly
2111992 - OpenShift controller manager needs permissions to get/create/update leases for leader election
2112297 - bond-cni: Backport "mac duplicates" 4.11
2112353 - lifecycle.posStart hook does not have network connectivity.
2112908 - Search resource "virtualmachine" in "Home -> Search" crashes the console
2112912 - sum_irate doesn't work in OCP 4.8
2113926 - hypershift cluster deployment hang due to nil pointer dereference for hostedControlPlane.Spec.Etcd.Managed
2113938 - Fix e2e tests for [reboots][machine_config_labels] (tsc=nowatchdog)
2114574 - can not upgrade. Incorrect reading of olm.maxOpenShiftVersion
2114602 - Upgrade failing because restrictive scc is injected into version pod
2114964 - kola dhcp.propagation test failing
2115315 - README file for helm charts coded in Chinese shows messy characters when viewing in developer perspective.
2115435 - [4.11] INIT container stuck forever
2115564 - ClusterVersion availableUpdates is stale: PromQL conditional risks vs. slow/stuck Thanos
2115817 - Updates / config metrics are not available in 4.11
2116009 - Node Tuning Operator(NTO) - OCP upgrade failed due to node-tuning CO still progressing
2116557 - Order of config attributes are not maintained during conversion of PT4l from ptpconfig to ptp4l.0.config file
2117223 - kubernetes-nmstate-operator fails to install with error "no channel heads (entries not replaced by another entry) found in channel"
2117324 - catalog-operator fatal error: concurrent map writes
2117353 - kola dhcp.propagation test out of memory
2117370 - Migrate openshift-ansible to ansible-core
2117746 - Bump to latest k8s.io 1.24 release
2118214 - dummy bug for 4.10.z bz2118209
2118375 - pass the "--quiet" option via the buildconfig for s2i

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-1 - Test Bug

6. References:


7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
Version: GnuPG v1

RHSA-announce mailing list
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By