-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift support for Windows Containers 2.0.5 [security update] Advisory ID: RHSA-2022:1660-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:1660 Issue date: 2022-05-02 CVE Names: CVE-2021-20206 ==================================================================== 1. Summary: The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Security Fix(es): * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/latest/windows_containers/windows-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 5. JIRA issues fixed (https://issues.jboss.org/): WINC-756 - Windows Container Support for Red Hat OpenShift 2.0.5 release 6. References: https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnAFZNzjgjWX9erEAQhe/A//fvs6Aa32A6rMhMKG+FlQEsfMuug0pnnA 2jTEkhuDS7wYl2ijuYUSQmTQwLd24upGt4AlmYqGgXogEhAFdOKi6D+ntzPUUKta iuPv7V8IQIFYV5/K3N32ZC/p1/cTAPt1jb0ClvyNbvU5+U5R5SzS6OSFNDAfeg0Q //uEjFLoJwyITHkjvMU4NVnMQuKCFqcl6WFTjT0ufp4PeFVdy7vNazmavnwWlSY+ tjQb62sl4cRHZhoiZHIZc+Y+qgLNJKhFsrO9B1C3DdhWLNPG7jrByDQW/oOsTBFg oP90YzNWKWWJRaDl5l46u2MrEH4jzEaSai4kE6/lRTh7JMOoeQSFhi+PnTbtmiPt DWS0md+MnKmWugEE/HNV1CwDzD8EBgz9zbXGWniv3oVlgcTklP9ZSst8scz4DN55 zsuvgGNYWG1jkF2WRxLSdR8vt1TAk8GZzvXBjcGjyQy0QOJGXFdEVZ510y7rlSZt 0WMLJ/22xHo/3bXAyACVHBoPt/UO+2IlsUhVa34EqAiGCgVd69uwJQb15XScXdKf rZM5+gq8qQKwcT9KFAnbDA7cDpPuEM7CL95x5W+L1BOFrcBp3TvmNTbOs7gC5JK8 9ZJDKOu5CjgpIXiFYuFSzWiFJInbSwZAQFV7pvu+Ze3L8KVjsX/Tj9L8+4fPdCsi YW5Ax78Uw9s=F/rw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce