exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-6287-01

Red Hat Security Advisory 2022-6287-01
Posted Sep 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-2526, CVE-2022-29154, CVE-2022-32206, CVE-2022-32208
SHA-256 | cdfa110c52d5f36c1043dcb84bbdac933a90042102886ff5182c1c46a467e01f

Red Hat Security Advisory 2022-6287-01

Change Mirror Download
Hash: SHA256

Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.11.3 packages and security update
Advisory ID: RHSA-2022:6287-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6287
Issue date: 2022-09-07
CVE Names: CVE-2021-38561 CVE-2022-2526 CVE-2022-29154
CVE-2022-32206 CVE-2022-32208
1. Summary:

Red Hat OpenShift Container Platform release 4.11.3 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.11.3. See the following advisory for the RPM packages for this


Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:


Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
listed in the References section.

You may download the oc tool and use it to inspect release image metadata
as follows:

(For x86_64 architecture)

$ oc adm release info

The image digest is

(For s390x architecture)

$ oc adm release info

The image digest is

(For ppc64le architecture)

$ oc adm release info

The image digest is

All OpenShift Container Platform 4.11 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata


Details on how to access this content are available at

4. Bugs fixed (https://bugzilla.redhat.com/):

1989398 - .indexignore is not ingore when opm command load dc configuration
2062152 - Azure CI can't provision volumes in parallel
2076402 - Don't warn on failure to create pod logical port when pod isn't scheduled
2096456 - [HyperShift] Election timeouts on OVNKube masters for Hypershift guests post statefulset recreation
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2103127 - TechPreview feature is not enabled, but find "failed to list *v1alpha1.AlertingRule: alertingrules.monitoring.openshift.io is forbidden" in cmo logs
2105972 - [Azure-file CSI Driver] Read/Write permission denied for non-admin user on azure file csi provisioned volume with fsType=ext4,ext3,ext2,xfs
2107564 - [GCP] create gcpcluster get error
2108014 - Nutanix: the e2e-nutanix-operator webhooks test suite does not support provider Nutanix
2109642 - Fix two issues in hybrid overlay
2109943 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10
2110407 - metal3-dnsmasq: workers are not provisioned during the cluster installation when BootMacAddress is not provided lower-case
2110524 - [AWS] CCM cannot work on Commercial Cloud Services (C2S) Top Secret Region
2111901 - Split the route controllers out from OCM
2114681 - Kernel parm needs to be added when a pao performance profile is applied, rcutree.kthread_prio
2115481 - ovnkube direct-lists pods on a node when the node object changes
2115561 - Pipelines (Multi-column table) column titles are not aligned with the column content (input fields) starting with 4.9
2115807 - OKD: update FCOS to latest stable
2116265 - Failed PipelineRun logs text is not visible in light mode
2116288 - Monitoring Alert decorator in Topology color is grey instead of red
2117462 - [4.11 backport] percpu Memory leak CRIO due to no garbage collection in /run/crio/exits for exited containers
2117594 - Upgrade golangci-lint to 1.47.3 in image-customization-controller
2117823 - oc adm release extract should handle ccoctl

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-263 - [4.11] Tuned overwriting IRQBALANCE_BANNED_CPUS
OCPBUGS-306 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
OCPBUGS-429 - Release 4.11 : Backport Insights Operator should collect helm upgrade and uninstall metric
OCPBUGS-433 - Nutanix platform validations run at `create manifests` stage
OCPBUGS-453 - [4.11] update ironic to latest available
OCPBUGS-465 - PDB warning alert when CR replica count is set to zero (edit)
OCPBUGS-515 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
OCPBUGS-516 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
OCPBUGS-658 - [release-4.11] OVN master trying to deleteLogicalPort for object which is already gone
OCPBUGS-688 - Adding day2 remote worker node requires manually approving CSRs
OCPBUGS-727 - [4.11] Kubelet cannot be started on worker nodes after upgrade to OCP 4.11 (RHCOS 8.6) when custom SELinux policies are applied
OCPBUGS-737 - machineconfig service is failed to start because Podman storage gets corrupted
OCPBUGS-756 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10

6. References:


7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
Version: GnuPG v1

RHSA-announce mailing list
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By