Headline
RHSA-2023:2695: Red Hat Security Advisory: OpenShift Container Platform 4.11.40 security update
Red Hat OpenShift Container Platform release 4.11.40 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Issued:
2023-05-18
Updated:
2023-05-18
RHSA-2023:2695 - Security Advisory
- Overview
- Updated Images
Synopsis
Moderate: OpenShift Container Platform 4.11.40 security update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenShift Container Platform release 4.11.40 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.40. See the following advisory for the container images for this release:
Security Fix(es):
- go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64
Fixes
- BZ - 2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
- OCPBUGS-4603 - SR-IOV VFs may get reseted after being allocated by other pods
aarch64
openshift4/ose-ansible-operator@sha256:a832d737fa1da499765d9bf95166ebe6edd529d1a3f7c1613fda10d823e414aa
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:f8fbdaf8fc83bbc512a3cf86e5bbf45ae3398ba7a9a2a80a5d8e5f97567997f0
openshift4/ose-operator-sdk-rhel8@sha256:1c1848728e748d12672852b2cfbb20d62a00aa7ff32783e2390f6b24c1b212a7
openshift4/ose-sriov-cni@sha256:c6a7742a6174d10f026e9f0abd7f101e3ca807a28974816dc5dc5bbc452efd08
openshift4/ose-sriov-network-operator@sha256:1045842fbdcee42b2b34f4865d273e16e4caa8e155fa3b3ed2a3dfaf12939aed
ppc64le
openshift4/ose-ansible-operator@sha256:c17303fdd9492ae67355209e2acebc295fff6e1696be312ae9a96f6963d014cf
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:baee251fc52b51301181ffa8d33048d93c67b3aa3fbe9b8304cd9100b74e4b53
openshift4/ose-operator-sdk-rhel8@sha256:ba1553d5ae12f1dd2fa988212d214dedc5fa4fe57d3c74c8adb7de8ad69347ce
openshift4/ose-sriov-cni@sha256:28c43dc17f51b1dbe58dfed83bf42fd7b05848839c30113d1864fd2ae47aeaed
openshift4/ose-sriov-network-operator@sha256:d609fc2054a29c166e7d345acb7519a3a7bb808ea0371f33b5e6635147f6b348
s390x
openshift4/ose-ansible-operator@sha256:68cb72896270cdb9cd36c7c3bf01738c9e85546a9d959e3b6e49c8b542f22160
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:0679bfcf0bd855a44f519a577c6b8d505ad53f28e3b80ad71dac18442b21a8c8
openshift4/ose-operator-sdk-rhel8@sha256:342bba46a99e176615bf913fff6bdec094564e3f6e03b8e53c65c145b4cbf316
x86_64
openshift4/ose-ansible-operator@sha256:f73ca043b7c0d3b69759393d83ed2ba37828d0bc0e6fa10497e4ee887f9a9a9f
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:bd59d575bd7a7e306e5b689ea10fa2455a9fb8ad4ebdda781ea58d14a3f8f9a7
openshift4/ose-operator-sdk-rhel8@sha256:794e46d3111eeec942d2b5cc03774d2a5e86c558f3da5df45fa5245738c3ff09
openshift4/ose-sriov-cni@sha256:87787352343d03408bc3463a3f06f2b28635e4490113f04c56babeec6bae8391
openshift4/ose-sriov-network-operator@sha256:ed81dbe105ad23e63eb2d2b03a0299bce6b2afadf6be3b19e345da222c675140
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-4443-03 - An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Ubuntu Security Notice 6287-1 - Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service.
Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat Security Advisory 2023-2695-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.40.
Red Hat Security Advisory 2023-2111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.16.
Red Hat OpenShift Container Platform release 4.12.16 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat Security Advisory 2023-0778-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.56.
Red Hat OpenShift Container Platform release 4.9.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Red Hat Security Advisory 2023-0803-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Important.
Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.
An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...
An update is now available for Red Hat OpenShift GitOps 1.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functio...
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.