-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.9.48 extras security update Advisory ID: RHSA-2022:6318-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:6318 Issue date: 2022-09-12 CVE Names: CVE-2021-38561 CVE-2022-0494 CVE-2022-1353 CVE-2022-2526 CVE-2022-29154 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.48. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2022:6317 Security Fix(es): * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-831 - Placeholder bug for OCP 4.9.0 extras release 6. References: https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0494 https://access.redhat.com/security/cve/CVE-2022-1353 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYx+EpdzjgjWX9erEAQhcGxAAjn/l8VXM+2uhsgKr/R/QIfsgm8LAvGqC ChOENoOlKKv4HXcECG/eWmQYOiivwXPiY9pRBr9GkFy16bkX3SvcCbLCJruuqDwC Tq5j46fSk4ocEALi4+diibWbKcTIzIRWvgh0fcKfu+v/cgkqNK5q94//NPL+PxZC FZyF2qhAERMISN0gaEP8JLqM12Fg4M/DZrtF4NSysfhSSPIn02bgVmAfUVDDa+Cn mwgJOrCo0RuzJdq4HV7YiEiOOs7RSVAQgCwwLeP5DVnWgKX8XdNHetHv8xsgIj5o p6sYtB7J6WYdvp4ozBXT5Wx/sZS5gjsDguG2uHjJHOOsI4hcfcLfOyzqtWOGiOud ORTqkG0h0J4o9il0gq0YtMkI4UP1XHbyQ7ctxfOT76IFPkg3vmJPADjR52QpkaNF Jgl8IS2MOFxANcuLEZ+Hxd4DToGPCaYlPTvbpjfsmSEk9+6RrnHe55anKmzYbT6Q BuIomun810CyRAIsAjqOR0nk8sU4D8kevzuKfKm4I2gSy5/wWUCRpREe3LpNpduU fA4fX6obDhj/1wAy/qMggzRjBS1SNersrVe/hDjjwRndKMUOnChl2MmvQW9+UeWW yxw+afd4R+TJZI5v55CZM07r31TtP5J0uyPdEGL51GLLR2fFWNGUuQxQp3dEy033 Uvu3AqnMIwo= =LHpU -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce