-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.0 bug fix and security update
Advisory ID:       RHSA-2023:1329-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1329
Issue date:        2023-05-18
CVE Names:         CVE-2022-41717
====================================================================
1. Summary:

Red Hat build of MicroShift release 4.13.0 is now available with updates to
packages and images that fix several bugs.

This release includes a security update for Red Hat build of MicroShift
4.13.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, x86_64

3. Description:

Red Hat build of MicroShift is Red Hat's light-weight Kubernetes
orchestration solution designed for edge device deployments and is built
from the edge capabilities of Red Hat OpenShift. MicroShift is an
application that is deployed on top of Red Hat Enterprise Linux devices at
the edge, providing an efficient way to operate single-node clusters in
these low-resource environments.

This advisory contains the RPM packages for Red Hat build of MicroShift
4.13.0. Read the following advisory for the container images for this
release:

https://access.redhat.com/errata/RHSA-2023:1326

Security Fix(es):

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2
requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All of the bug fixes may not be documented in this advisory. Read the
following release notes documentation for details about these changes:

https://access.redhat.com/documentation/en-us/microshift/4.13/html/release_notes/index

All Red Hat build of MicroShift 4.13 users are advised to use these updated
packages and images when they are available in the RPM repository.

4. Solution:

For MicroShift 4.13, read the following documentation, which will be
updated shortly for this release, for important instructions on how to
install the latest RPMs and fully apply this asynchronous errata update:

https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.13/html/release_notes/index

5. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

6. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10223 - kubeconfig CA includes all signers
OCPBUGS-10242 - CSI driver ends up in crash loop when host does not have default VG name
OCPBUGS-10243 - sysconfwatch-controller logs excessively
OCPBUGS-10251 - Rebase to 4.13 failed with duplicate metrics registration in ovnk
OCPBUGS-10253 - nats.io doesn't work on microshift
OCPBUGS-10254 - The router pod is delayed over 5m after reboot
OCPBUGS-10256 - Some pods not coming up after rebooting
OCPBUGS-10617 - Prompt unexpected err="microshift-etcd failed to start when execute 'microshift-etcd run'
OCPBUGS-10791 - MicroShift pods cannot resolve local host name
OCPBUGS-11295 - e2e: Config v1 client shim for static configuration manifests with read-only operations
OCPBUGS-11412 - build requirements are not available outside of Red Hat
OCPBUGS-11497 - Microshift-etcd doesn't start up with memoryLimitMB set to 50.
OCPBUGS-11593 - RPM build shows errors from missing jq command
OCPBUGS-11660 - sudo /usr/bin/microshift show-config --mode effective doesn't show the correct memoryLimitMB value
OCPBUGS-11811 - dependency on openvswitch is not compatible with RHEL 9.2 versions
OCPBUGS-13023 - Update dependency on selinux-policy to match RHEL 9.2 released package version
OCPBUGS-2869 - Don't observe could not find the requested resource *v1.ClusterResourceQuota
OCPBUGS-3635 - Default for spec.to.weight missing from Route CRD schema
OCPBUGS-4198 - route-controller-manager not creating routes
OCPBUGS-4323 - Route/v1 defaulting for target kind and termination must be sharable between openshift-apiserver and kube-apiserver
OCPBUGS-4577 - [MicroShift] the host and routerCanonicalHostname should use same sub domain name
OCPBUGS-4657 - Route defaulting package from library-go must be available for import by kube-apiserver admission plugins
OCPBUGS-4658 - Use shared library in admission to default Routes served via CRD
OCPBUGS-5537 - MicroShift's rebase step creates tight coupling with specific branch
OCPBUGS-5858 - MicroShift's rebase is missing arm64 nightly changes if no new amd64 nightly was produced
OCPBUGS-5908 - Change TopoLVM to use 4.12 released image references
OCPBUGS-6173 - Update 4.13 ovn-kubernetes-microshift image to be consistent with ART
OCPBUGS-6858 - Missing CRI-O version dependency leads to network not starting
OCPBUGS-6860 - service configured with a nodeport can't be reached until after restart of ovnkube-master
OCPBUGS-6864 - iptables rules can not be restored after removing source and adding it back
OCPBUGS-7444 - Fix firewalld known issue in microshift doc
OCPBUGS-8338 - Add etcd config to Microshift user config
OCPBUGS-8493 - Microshift does not come up if the Hostname of RHEL has an upper case letter
OCPBUGS-8704 -  (4.13) microshift-etcd fail to check the version
OCPBUGS-9965 - fails to access APIServer service IP assigned on lo device
OCPBUGS-9999 - malformed manifests are retried indefinitely and cause API server availability issues

7. Package List:

Red Hat OpenShift Container Platform 4.13:

Source:
microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.src.rpm

aarch64:
microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm
microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm

noarch:
microshift-release-info-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm
microshift-selinux-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm

x86_64:
microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm
microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/microshift/4.13/html/release_notes/index

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZGW+qNzjgjWX9erEAQgKUBAAgJTFwCyw2sDIBX09SpO/DpM0b4EWNDL1
5+cVfhtJ6BitU5yiXrjXocGcgho5yIWY9MRZ+sq7hRuFjE+k0uB0bGy3AfOjcVDG
uOspUjkvW8KzhTRVpKXDDqP9Q6OpYqaXptkYwvYro9vAFQm/QvW7PKw/K60FIpPK
g/K7gjy9xnLghG6C6vG6/XsFXOEvQ8ZOgchYHDFVm2wZK41m1V1irGBHdggaMdA2
bFBpSKadF+zXRjT6gLxBec2GGSxSmBNP0B/2JHTxWvuzNRBVIMXRZt98o6OkLkWo
g2pzIDTgVY6ls83BebJVD0tx8h5k4PYolgk09TxnDgMRrca5ZXQhk3HmWAHD+0t3
DEypXiiI87pzC00QBbb9IJWz+SVsIXbgL30SilBJRFIc+y9gmJKf0G691psP8U7F
vqn5qsH6gCJl27seARkKerVWoN/Swylq+o20I1NfJSNTOg328tejUVaWvAt+vNMC
oQQg9EsoWFtmyzP02wuX7aD5807MeTXy5LrCSMPPPPBwf5AwIkb5AnZOlAnmSmFC
1wjDi6GW+pX7H36Y4SSaj1Nnj4Pzol19WRD9FJX5ywqWmv+tevf92nFXjnIc2Wyl
uxBLNJq5W4GzW9gu1W2UWOaGAPZZ0WB6M4tquznXMF4AbjVgz64GpAgAR2q8xZcx
AlbUjtGBbZM=2NZ9
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce