-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update Advisory ID: RHSA-2021:3001-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:3001 Issue date: 2021-08-03 CVE Names: CVE-2021-20206 ===================================================================== 1. Summary: The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Security Fix(es): * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * LB service unstable with multiple Windows nodes and pods (BZ#1905950) * WMCO patch pub-key-hash annotation to Linux node (BZ#1930791) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1939968) * Telemetry info not completely available to identify windows nodes (BZ#1948037) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952914) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1953692) * Windows pod with a Projected Volume is stuck at ContainerCreating (BZ#1971745) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/win dows-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1905950 - LB service unstable with multiple Windows nodes and pods 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1930791 - WMCO patch pub-key-hash annotation to Linux node 1939968 - kube-proxy service terminated unexpectedly after recreated LB service 1948037 - Telemetry info not completely available to identify windows nodes 1952914 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1953692 - WMCO incorrectly shows node as ready after a failed configuration 1971745 - Windows pod with a Projected Volume is stuck at ContainerCreating 1983153 - WMCO auto upgrade from v2.0.2 to v3.0.0 failed 5. JIRA issues fixed (https://issues.jboss.org/): WINC-618 - Windows Container Support for Red Hat OpenShift 3.0.0 release 6. References: https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQmnh9zjgjWX9erEAQgnJA//W5XLnQlVaaz2aUO90BS56M3lVjU6gUB9 vtUjwEboNgmEheDsFpR7wt81LQzp4Bclqcnplpctz5kUn6W2XTcqjE4EyydFup0z q+5hBubmusTJboShJImPWBDDuDmF8bB4moHzMhbjFG4Tjh46omvIyI8ugcGuOf5s dGw6S+lUcjRiF/awlI8d3wFv4NEtxi7A3zztpeOz7ZlgT4VqRc1WnCR+e7BGmwvP S96VRAfeNMJPgSSVAIs4q2Vk8MXYMjV0q7wuTLFMKte87LFYBbUesMWnubFHjc3Y xpaOcoNREC14BKhf609wzmjBusHnXPeoXD4vScS2AzDW0Z9SNPysIUdOhmlXvkrl KyWrZkI0MOLZDIVI4zHYpWVcomOG27E0xAUdNYno7rSgodMTgeXGElNlPLi59YMQ BMgBv7NJAv5ms9xgToDybsHnFQ8soqguVM7k06fjHd913Sdhflkb3+t96wfTDcNl EcXeNIvp4pjdsWdam+P6PyxZl1OnLmNhWTuunVaJaagZ1XG1NO0+vFmE5vFqzrgu FgG2IYDKWOFcNTtkcYEFBvNGYRkSEmmoUZ6wKr1wnnK837h5idKvlbXahmA8MDoQ zfLlL4Yqyte4gIavb5KWYTdlmO7bVfg4YKESqd0OBHUD4qwaZbrXs0n2O7SdncuH ITjg2zA6mag= =Q/sk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce