exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-0778-01

Red Hat Security Advisory 2023-0778-01
Posted Feb 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-7692, CVE-2022-1471, CVE-2022-2048, CVE-2022-23521, CVE-2022-25857, CVE-2022-3064, CVE-2022-30946, CVE-2022-30952, CVE-2022-30953, CVE-2022-30954, CVE-2022-34174, CVE-2022-36882, CVE-2022-36883, CVE-2022-36884
SHA-256 | b0f7f8eee987e2e6e2dcaabf7c4fe7bacb12571d25cd64b63d580c759f794a67

Red Hat Security Advisory 2023-0778-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.9.56 security update
Advisory ID: RHSA-2023:0778-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0778
Issue date: 2023-02-22
CVE Names: CVE-2020-7692 CVE-2022-1471 CVE-2022-2048
CVE-2022-3064 CVE-2022-4337 CVE-2022-4338
CVE-2022-23521 CVE-2022-25857 CVE-2022-30946
CVE-2022-30952 CVE-2022-30953 CVE-2022-30954
CVE-2022-34174 CVE-2022-36882 CVE-2022-36883
CVE-2022-36884 CVE-2022-36885 CVE-2022-41903
CVE-2022-43401 CVE-2022-43402 CVE-2022-43403
CVE-2022-43404 CVE-2022-43405 CVE-2022-43406
CVE-2022-43407 CVE-2022-43408 CVE-2022-43409
CVE-2022-45047 CVE-2022-45379 CVE-2022-45380
CVE-2022-45381 CVE-2022-47629
====================================================================
1. Summary:

Red Hat OpenShift Container Platform release 4.9.56 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container
Platform 4.9.56. See the following advisory for the RPM packages for this
release:

https://access.redhat.com/errata/RHSA-2023:0777

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Security Fix(es):

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing
malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.9 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests
may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The SHA values for the release are listed as follows:

(For x86_64 architecture)
The image digest is
sha256:37b675dfeac56248d99616bab316ed920c822791305337ed25fca51c6eb23de4

(For s390x architecture)
The image digest is
sha256:0578e8b8c95951143bd4bedba761bc7e76c063acfef5468ba69291e84f38bf5a

(For ppc64le architecture)
The image digest is
sha256:1c2a8864f0502e6959e51771c76c42848355788094004832fa4bf24c2aec5722

(For aarch64 architecture)
The image digest is
sha256:99a00424a752ac5543144ce965e4045d50fe909eeec4823a9efe6b2e812170e1

All OpenShift Container Platform 4.9 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-2572 - Downward API (annotations) is missing PCI information when using the tuning metaPlugin on SR-IOV Networks
OCPBUGS-4051 - systemReserved:ephemeral-storage in KubeletConfig doesn't work as expected
OCPBUGS-4111 - Various Jenkins CVEs for October 2022 [openshift-4.9.z]
OCPBUGS-5938 - Backport fix for OCPBUGSM-36848 to 4.9
OCPBUGS-6516 - wal: max entry size limit exceeded
OCPBUGS-6932 - hack/check-plugins-supply-chain-change.sh is not executable

6. References:

https://access.redhat.com/security/cve/CVE-2020-7692
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2048
https://access.redhat.com/security/cve/CVE-2022-3064
https://access.redhat.com/security/cve/CVE-2022-4337
https://access.redhat.com/security/cve/CVE-2022-4338
https://access.redhat.com/security/cve/CVE-2022-23521
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-30946
https://access.redhat.com/security/cve/CVE-2022-30952
https://access.redhat.com/security/cve/CVE-2022-30953
https://access.redhat.com/security/cve/CVE-2022-30954
https://access.redhat.com/security/cve/CVE-2022-34174
https://access.redhat.com/security/cve/CVE-2022-36882
https://access.redhat.com/security/cve/CVE-2022-36883
https://access.redhat.com/security/cve/CVE-2022-36884
https://access.redhat.com/security/cve/CVE-2022-36885
https://access.redhat.com/security/cve/CVE-2022-41903
https://access.redhat.com/security/cve/CVE-2022-43401
https://access.redhat.com/security/cve/CVE-2022-43402
https://access.redhat.com/security/cve/CVE-2022-43403
https://access.redhat.com/security/cve/CVE-2022-43404
https://access.redhat.com/security/cve/CVE-2022-43405
https://access.redhat.com/security/cve/CVE-2022-43406
https://access.redhat.com/security/cve/CVE-2022-43407
https://access.redhat.com/security/cve/CVE-2022-43408
https://access.redhat.com/security/cve/CVE-2022-43409
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45379
https://access.redhat.com/security/cve/CVE-2022-45380
https://access.redhat.com/security/cve/CVE-2022-45381
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY/cHpdzjgjWX9erEAQi+Sw/9HiWs1EagYZTdLmhZhslc8uvw5PS84duL
1RofAiLUIK5HnFF/IqagnBV2V4LMto0fsIV307D2xtAyYog0dQGIdfkeGjSWSWat
L7VZ5MwTFBdCl3bxcim6AZkWD3n8uDdLOqIEZPNKLTX28Zqtruna9pgP/XyN6h4w
sPXlXNU2alNqDd+o6l57Ni36eXIXXaaxFCjbMXaqPesORbmlTBk23DntAaLgfkpx
EHPvS1mAaphb3CLc55z5kEXL/dEG7GQY6epPohAWmBXqJJ0x1yi9Ef/UKW+e3zbx
wUh9EB8vyckKsHKPi8m8TqzntfWN9ZD6mlIcVvOzju9g3B8Jg9tcQItomn2E9ZVp
SHAfo3pu9zhCTL5UggxT4hCUqgrrfQsPnnUWUxdlZrvaM6KfcJUmfYg+AyIaOzn+
SfITzfeYSboTOzUbIBGl1xQvw4pYqkyu2SVVONW8RyshOL47wM68/LIw0/66eNZN
DRY3nXl5QSDGTBeXpn5XcD/N03bF0km4x7SkNfCSeGsshTFOEXCUqxUVqmZkFAiv
qZ84ubnqrWmb/UNIkYSAYlzGDa1DCREOkYEqB0OQ5QwiCx+tA1E3hlx/ZEZ8D8d/
+LNAT0MpikWaqbzReHqFBnKAx2D2Rl57uiEcAmkFHuLNpGuiD4IAVFG/i84fQJ4B
XxJP89AsWXc=Aw6j
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close