RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers
  • CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  • CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components in all circumstances
  • CVE-2022-41316: vault: insufficient certificate revocation list checking
  • CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps
  • CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

Issued:

2023-01-17

Updated:

2023-01-17

RHSA-2022:7399 - Security Advisory


Synopsis

Moderate: OpenShift Container Platform 4.12.0 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.12.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:7398

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

  • golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
  • golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
  • golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
  • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
  • golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
  • golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
  • vault: insufficient certificate revocation list checking (CVE-2022-41316)
  • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
  • openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher (CVE-2023-0296)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

See the following documentation, which will be updated shortly for this
release, for important instructions on how to upgrade your cluster and
fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, aarch64 architectures.

The image digests may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18

(For s390x architecture)
The image digest is sha256:ab70750be4fadf5a525141ae32a8577c91dd19f1d6e582a6824339c938216ec0

(For ppc64le architecture)
The image digest is sha256:5a5943dea60b40f73ecee685b12fff1d65cc8bfe946f762fdfe862969483ddbb

(For aarch64 architecture)
The image digest is sha256:cb34667519d1cfd8eedf0fb27e14b7b7e6209323b86977bfaadf91da012d179d

All OpenShift Container Platform 4.12 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
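As an added example that is not part of the advisory, the following POSIX shell script pins the 4.12.0 release image by the per-architecture digests quoted above and checks the digest reported by `oc adm release info` against them before the pullspec is handed to `oc adm upgrade`. The sample `oc adm release info` output is constructed, and the `advisory_arch` mapping from node-reported GOARCH names to the advisory's architecture names is an assumption of this example.

```shell
#!/bin/sh
# Added example, not part of RHSA-2022:7399: verify that the OCP 4.12.0 release
# image to be applied matches the per-architecture digest the advisory publishes,
# so the upgrade is pinned to an immutable digest rather than a mutable tag.

# Digests copied verbatim from the advisory text.
expected_digest() {
  case "$1" in
    x86_64)  echo "sha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18" ;;
    s390x)   echo "sha256:ab70750be4fadf5a525141ae32a8577c91dd19f1d6e582a6824339c938216ec0" ;;
    ppc64le) echo "sha256:5a5943dea60b40f73ecee685b12fff1d65cc8bfe946f762fdfe862969483ddbb" ;;
    aarch64) echo "sha256:cb34667519d1cfd8eedf0fb27e14b7b7e6209323b86977bfaadf91da012d179d" ;;
    *)       return 1 ;;   # architecture not covered by this advisory
  esac
}

# Nodes report GOARCH names in .status.nodeInfo.architecture (for example via
# `oc get nodes -o jsonpath='{.items[0].status.nodeInfo.architecture}'`);
# map them to the names the advisory uses. This mapping is an assumption of
# this example, not something the advisory states.
advisory_arch() {
  case "$1" in
    amd64)   echo x86_64 ;;
    arm64)   echo aarch64 ;;
    s390x)   echo s390x ;;
    ppc64le) echo ppc64le ;;
    *)       return 1 ;;
  esac
}

# Digest-pinned pullspec for the advisory's release image on quay.io.
release_pullspec() {
  d=$(expected_digest "$1") || return 1
  echo "quay.io/openshift-release-dev/ocp-release@$d"
}

# Pull the "Digest:" field out of `oc adm release info <pullspec>` text output
# read from stdin.
digest_from_release_info() {
  awk '$1 == "Digest:" { print $2; exit }'
}

# verify_release ARCH RELEASE_INFO_TEXT
# Succeeds only when the digest reported for the image equals the advisory's
# digest for ARCH; returns 2 when ARCH is not covered by the advisory.
verify_release() {
  want=$(expected_digest "$1") || return 2
  got=$(printf '%s\n' "$2" | digest_from_release_info)
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Constructed sample of `oc adm release info` output for the x86_64 image
# (only the fields this check uses; not captured from a real cluster).
SAMPLE_RELEASE_INFO='Name:      4.12.0
Digest:    sha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18
OS/Arch:   linux/amd64
Pull From: quay.io/openshift-release-dev/ocp-release@sha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18'

# Same sample with the digest altered, standing in for a substituted image.
SAMPLE_TAMPERED=$(printf '%s\n' "$SAMPLE_RELEASE_INFO" | sed 's/4c5a7e26/deadbeef/g')

# Stand-alone demonstration on the constructed samples. On a real cluster the
# text would come from:  oc adm release info "$(release_pullspec "$arch")"
# and a successful check would be followed by
#   oc adm upgrade --to-image "$(release_pullspec "$arch")" --allow-explicit-upgrade
arch=$(advisory_arch amd64)
if verify_release "$arch" "$SAMPLE_RELEASE_INFO"; then
  echo "OK: $arch release image digest matches RHSA-2022:7399"
fi
if ! verify_release "$arch" "$SAMPLE_TAMPERED"; then
  echo "MISMATCH: refusing to upgrade with an image whose digest is not in the advisory" >&2
fi
```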

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

  • BZ - 1843043 - Config api resource has a terrible description
  • BZ - 1876933 - No useful message after hitting volume attachment limit
  • BZ - 1879980 - oc adm groups prune cannot find the groups present in ldap and finishes to delete all of them
  • BZ - 1894268 - SDN to OVN migration problem due to overlap with “Join network”
  • BZ - 1896533 - network operator degraded due to additionalNetwork in non-existent namespace
  • BZ - 1904106 - Graphs in dev console shouldn’t go below 0
  • BZ - 1917662 - oc exec cmd run executed file in azure file volume return 139 or exec failed: container_linux.go:366: starting container process caused: interrupted system call
  • BZ - 1924017 - [OCPonRHV] [Workers only] Special configuration for High Performance VMs is not implemented for worker nodes
  • BZ - 1944065 - [VPA] recommender is logging errors for pods with init containers
  • BZ - 1944365 - openstack: missing validation for apiVIP and ingressVIP
  • BZ - 1951835 - CVO should propagate ClusterOperator’s Degraded to ClusterVersion’s Failing during install
  • BZ - 1951901 - incorrect Worker nodes number calculated when nodes have both master and worker role
  • BZ - 1957709 - Creation of LoadBalancer service (Openstack Lbaas) take too much to be ready when creating IngressControllers with endpointPublishingStrategy=LoadBalancerService
  • BZ - 1962502 - The route generated from ingress is still admitted after updating the spec.ingressClassName to mismatch
  • BZ - 1977660 - the pod events show error codes when crio recreate the missing symlinks
  • BZ - 1997396 - No alerts have triggered for CPU and Memory limit with Cluster Autoscaler
  • BZ - 2000276 - EncryptionStateControllerDegraded: failed to get converged static pod revision
  • BZ - 2000552 - must-gather should collect ALL apiservices
  • BZ - 2000554 - must-gather should collect webhooks service namespaces
  • BZ - 2001027 - ClusterAutoscaler with balanceSimilarNodeGroups does not scale even across MachineSet
  • BZ - 2001211 - Resource usage measurement data display the concatenation of English and translation sentence fragments on utilization section when moving the mouse over each resource usage chart in Developer->Project
  • BZ - 2001409 - All critical alerts should have links to a runbook
  • BZ - 2006378 - improve check that verifies task permissions in vsphere
  • BZ - 2006611 - CVO resolves the version takes a long time sometimes when upgrading via `--to-image`
  • BZ - 2010365 - OpenShift Alerting Rules Style-Guide Compliance
  • BZ - 2010375 - OpenShift Alerting Rules Style-Guide Compliance
  • BZ - 2018481 - [osp][octavia lb] Route shard not consistently served in a LoadBalancerService type IngressController
  • BZ - 2021297 - Dynamic Plugins: Console isn’t honoring declared `@console/pluginAPI` dependency
  • BZ - 2022328 - kube-controller unpublishing volume after maxWaitForUnmountDuration leaves block devices on node in a inconsistent state
  • BZ - 2023443 - Console plugin SDK build passes even if there are errors in one of its dist packages
  • BZ - 2028474 - [OCPonRHV] Remove clustername length limitation(metadata name)
  • BZ - 2030406 - Dynamic plugin demo nav outputs incorrect markup that doesn’t conform to the Console navigation which uses the PatternFly Navigation component
  • BZ - 2033167 - oc extract --to option doesn't create the target directory if it's not present
  • BZ - 2033499 - Populate acceptedRisks on Recommended=False updates for conditional edges
  • BZ - 2034883 - MCO does not sync kubeAPIServerServingCAData to controllerconfig if there are not ready nodes
  • BZ - 2037329 - [UI] MultiClusterHub details after it’s creation starts flickers, disappears and appears back (happened twice)
  • BZ - 2039411 - Monitoring operator reports unavailable=true while one Prometheus pod is ready
  • BZ - 2040612 - crio umask sometimes set to 0000
  • BZ - 2043518 - Better message in the CMO degraded/unavailable conditions when pods can’t be scheduled
  • BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • BZ - 2046335 - ETCD Operator goes degraded when a second internal node ip is added
  • BZ - 2048349 - Service CA Operator does not reconcile for spec.loglevel changes in ServiceCA CRD
  • BZ - 2048789 - broken toolbox in OCP 4.10 with non-default image
  • BZ - 2049591 - [RFE] Toolbox - make sure we are running on the latest image?
  • BZ - 2052662 - Opening Insights popup crashes the page
  • BZ - 2055247 - [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine
  • BZ - 2055620 - ImageStreamChange triggers using annotations does not work
  • BZ - 2056387 - [IPI on Alibabacloud][RHEL scaleup] new RHEL worker were not added into the backend of Ingress SLB automatically
  • BZ - 2056888 - [Secondary Scheduler] - Version number incorrect in secondary scheduler operator bundle
  • BZ - 2057637 - default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets
  • BZ - 2057972 - Extra space is in the translation text(Chinese) of ‘Create rolebinding’ and ‘replicate rolebinding’
  • BZ - 2059125 - The oc binary for mac arm64 can't be executed
  • BZ - 2059599 - [ibm]Lots of info message from ibmcsidriver/identity.go:83 displayed in the log ibm-vpc-block-csi-node/iks-vpc-block-node-driver
  • BZ - 2060068 - machine-api-provider-aws creates EC2 instances with the default security group when no matching security group is found
  • BZ - 2060079 - Re-think kubeproxy_sync_proxy_rules_duration_seconds_bucket alerts
  • BZ - 2061947 - IBM Cloud: Uninstall does not succeed when there is nothing to clean up
  • BZ - 2062579 - [IBMCloud] Provide invalid profile machine stuck in “Provisioning” phase
  • BZ - 2063764 - Operators - OperatorHub : i18n misses
  • BZ - 2065192 - GCP - Less privileged service accounts are created with Service Account User role
  • BZ - 2065727 - Scaling down an hypershift cluster ends with BMH shutdown and in maintenance mode
  • BZ - 2066560 - two router pods are in ContainerCreating status when tried to patch ingress-operator with custom error code pages directly
  • BZ - 2067059 - No topologySpreadConstraints shown in `oc describe resource`
  • BZ - 2067323 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the gRPC interoperability tests [Suite:openshift/conformance/parallel/minimal]
  • BZ - 2068910 - After node re-created, some ovn annotations are not found for the node and due to that pod is in crashloop
  • BZ - 2070562 - Base64 data value for java keystore secret changing automatically, when we edit it from the console and saving it without doing any changes
  • BZ - 2071792 - Non-kubeadmin user will not have access to openshift-config ns to pull secret/CM for adding private HCR in a namespace
  • BZ - 2073617 - [IBM] allowedTopologies in SC causes scheduling to fail when region is empty
  • BZ - 2075107 - Heading mismatch of CloudShellDrawer & Fullscreen
  • BZ - 2075607 - [4.10] IBM VPC operator needs e2e csi tests for ibmcloud
  • BZ - 2077933 - Kube controller manager does not handle new configurations available in the cloud provider OpenStack
  • BZ - 2078691 - [OVN] Node to service traffic is blocked if service is “internalTrafficPolicy: Local” even backed pod is on the same node
  • BZ - 2078727 - [IBM] Volume is not provisioned when storageclass Region is provided but without zone info
  • BZ - 2079214 - modal text goes outside of modal boundary and doesn’t have scroll bar
  • BZ - 2079249 - list pages in pipelines is taking more time to load when there are too many items
  • BZ - 2079679 - [bz-monitoring][invariant] alert/Watchdog must have no gaps or changes
  • BZ - 2079690 - [RH OCP 4.9] Affinity definition YAML shows difference in web console
  • BZ - 2080260 - 404 not found when create Image Manifest Vulnerability on Operator “Container Security”
  • BZ - 2080449 - [Azure-file CSI Driver] Read/Write permission denied for non-admin user on azure file csi provisioned volume with fsType=ext4,ext3,ext2,xfs
  • BZ - 2081674 - Developer add page create a new project modal redirects to admin project page after creation
  • BZ - 2081734 - metal3-dnsmasq: workers are not provisioned during the cluster installation when BootMacAddress is not provided lower-case
  • BZ - 2082395 - Private cluster installer on Azure asking for baseDomainResourceGroup even when it has nothing to do with basedomain as mentioned in documentation.
  • BZ - 2082588 - [RFE] Add new Azure instance types to the official “tested/supported” list
  • BZ - 2082599 - retry logic should have an upper bound on the number of failed attempts
  • BZ - 2082773 - [AWS-EBS-CSI-driver-Operator] Generic ephemeral volumes online resize Filesystem type volume stucked at file system resize phase
  • BZ - 2083041 - Updating externalTrafficPolicy=cluster to externalTrafficPolicy=local doesn’t work
  • BZ - 2083226 - alertmanager-main pods failing to start due to startupprobe timeout
  • BZ - 2084453 - Edit PodDisruptionBudget page sometimes takes user to not synced YAML view
  • BZ - 2084471 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors
  • BZ - 2084504 - can not silent platform alert from developer console
  • BZ - 2085390 - machine-controller is case sensitive which can lead to false/positive errors
  • BZ - 2086231 - Install Shared Resource CSI Driver Webhook
  • BZ - 2086887 - DNS occasionally unavailable after large scale up operation
  • BZ - 2087032 - Operator-sdk “run bundle” “run bundleup-grade” can’t support proxy env
  • BZ - 2087679 - EgressQoSes not gathered for debugging purposes
  • BZ - 2087981 - PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendation
  • BZ - 2088033 - Clear text password/secret in operator pod
  • BZ - 2088583 - libguestfs: error: download: /boot/loader/entries/ostree-1-rhcos.conf: No such file or directory
  • BZ - 2089199 - etcd Dashboard should be removed on guest cluster of hypershift
  • BZ - 2089221 - Could not de-select a Git Secret in add and edit forms
  • BZ - 2089402 - BuildConfig throws error when using a label with a / in it
  • BZ - 2089807 - Many errors when powering off a master
  • BZ - 2089950 - Upgrade fails with message Cluster operator console is not available
  • BZ - 2090135 - [upstream] Operator-sdk run bundle offer the wrong error message
  • BZ - 2090836 - Bootstrap node should honor http proxy
  • BZ - 2090988 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing
  • BZ - 2091102 - Name of workload get changed, when project and image stream gets changed on edit deployment page of the workload.
  • BZ - 2091109 - Add to application dropdown options are not visible on application-grouping sidebar action dropdown.
  • BZ - 2091238 - NetworkPolicies: ovnkube-master pods crashing due to panic: “invalid memory address or nil pointer dereference”
  • BZ - 2091545 - Namespace value is missing on the list when selecting “All namespaces” for operators
  • BZ - 2091555 - Sort function doesn’t work on “Namespaces” column on operator details page
  • BZ - 2091573 - Input values in Instantiate Template are disappeared randomly in the developer console
  • BZ - 2091864 - Registry Pod don’t have “securityContext.runAsNonRoot=true” config that generated by run bundle
  • BZ - 2092319 - [Firefox] multi-line node status formatting issue
  • BZ - 2092731 - Give more clear information when `oc adm release new` without the --keep-manifest-list option for the manifestlist imagestream YAML
  • BZ - 2092920 - Dependent tasks in Pipeline chart linked incorrectly
  • BZ - 2093016 - [azure disk] add metric and alert to help identify cascading test failures
  • BZ - 2093040 - unable to start `toolbox` on RHCOS using `podman` 4.0
  • BZ - 2093046 - must-gather debug pods are missing priority class
  • BZ - 2093440 - [sig-arch][Early] Managed cluster should start all core operators - NodeCADaemonControllerDegraded: failed to update object
  • BZ - 2093826 - Pods with OVN hardware offloading enabled interface fail to start
  • BZ - 2093852 - Affinity rule created in console deployment for single-replica infrastructure
  • BZ - 2093892 - no api_key_file field in AlertmanagerConfig, but error message complains it
  • BZ - 2094012 - Listing secrets in all namespaces with a specific labelSelector does not work properly
  • BZ - 2094068 - No runbook created for NorthboundStale alert
  • BZ - 2094101 - `podman` dumping core on RHCOS 4.11 + RHEL 8.6 on `aarch64`
  • BZ - 2094174 - ReleaseAccepted=False keeps complaining about the update cannot be verified after the upgrade is cleared
  • BZ - 2094240 - MachineConfigPool details page should use consistent word for resume updating
  • BZ - 2094362 - Duplicate prometheus rules for API SLOs after upgrade
  • BZ - 2094462 - DeleteACLsFromPortGroupOps doesn’t actually have any UUIDs set, so it deletes nothing and complains
  • BZ - 2094502 - Creating an MCH instance does not work via blue button
  • BZ - 2094558 - MetalLB: Creating ip address pool and community CR through webconsole the words like addresses and communities are truncated
  • BZ - 2094716 - Unable to install a fully air gapped OCP 4.10 cluster in AWS using IPI
  • BZ - 2094783 - storageclass should not be created for unsupported vsphere version
  • BZ - 2094865 - INIT container stuck forever
  • BZ - 2095323 - Openshift on OpenStack does not honor machineNetwork setting with multiple networks
  • BZ - 2095623 - [rebase v1.24] [sig-storage] In-tree Volumes [Driver: azure-file] tests fail
  • BZ - 2095708 - oc adm inspect throws out error "the server doesn't have a resource type 'egressfirewalls'" for all operators
  • BZ - 2095852 - Unable to create Network Policies: error: unexpectedly found multiple equivalent ACLs (arp v/s arp||nd) (ns_netpol1 v/s ns_netpol2)
  • BZ - 2097026 - Administration - Cluster Settings - Cluster Operators : Filter menu values are in English
  • BZ - 2097073 - etcdExcessiveDatabaseGrowth should not use increase() around gauge metrics
  • BZ - 2097221 - [OVN HWOL] Avoid masked access to ct_label to allow offloading of ECMP symmetric reply and load balanced traffic
  • BZ - 2097243 - NodeIP is used instead of EgressIP
  • BZ - 2097431 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history
  • BZ - 2097557 - can not upgrade. Incorrect reading of olm.maxOpenShiftVersion
  • BZ - 2097691 - [vsphere] failed to create cluster if datacenter is embedded in a Folder
  • BZ - 2097701 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10
  • BZ - 2097785 - Ensure OSUpdateStaged gets sent to the API server before rebooting
  • BZ - 2098053 - Add a e2e test to validate address mismatch between pod address family and external gw family
  • BZ - 2098054 - The control plane should tag AWS security groups at creation
  • BZ - 2098072 - [vsphere] update install-config description for diskType
  • BZ - 2098124 - [Kubernetes] [ISCSI] ipv6 single stack cluster could not get SCSI server host number
  • BZ - 2098234 - Local Update Server link 404
  • BZ - 2098299 - install-config: Strict unmarshalling conflicts with new fields
  • BZ - 2099401 - [IBMCloud] Client does not set region endpoint for InstallConfig
  • BZ - 2099664 - MachineConfigPool is not getting updated
  • BZ - 2099795 - README file for helm charts coded in Chinese shows messy characters when viewing in developer perspective.
  • BZ - 2099864 - vmware-vsphere-csi-driver-controller can’t use host port error on e2e-vsphere-serial
  • BZ - 2099939 - enabled UWM alertmanager only, user project AlertmanagerConfig is not loaded to UWM alertmanager or platform alertmanager
  • BZ - 2099945 - [OVN] bonding fails after active-backup fail-over and reboot, kargs static IP
  • BZ - 2099991 - pass the “--quiet” option via the buildconfig for s2i
  • BZ - 2100166 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec
  • BZ - 2100220 - Completed pods may not be correctly cleaned up
  • BZ - 2100249 - Revert Bug 2082599: add upper bound to number of failed attempts
  • BZ - 2100312 - should use the same value for AlertRelabelConfig with oc explain
  • BZ - 2100334 - Event sources do not show up until KnativeServing is installed
  • BZ - 2100342 - Operator-sdk run bundle offer the wrong error message
  • BZ - 2100472 - TechPreview feature is not enabled, but find “failed to list *v1alpha1.AlertingRule: alertingrules.monitoring.openshift.io is forbidden” in cmo logs
  • BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • BZ - 2100640 - “Show operands in all namespaces” radio group font size is too large.
  • BZ - 2100702 - No need to pass to-image-base for `oc adm release new` command when use --from-release
  • BZ - 2100708 - Print the dup choose image message is noisy
  • BZ - 2100774 - In the Deploy Image form Image name from external registry field Required text is not red as other fields
  • BZ - 2100843 - Selecting add connector context menu option opens the side panel of the node
  • BZ - 2100845 - MetalLB: matchExpressions used in CR like L2Advertisement allow duplicate entries
  • BZ - 2100852 - worker-user-data secret couldn't be synced up from openshift-machine-api to openshift-cluster-api
  • BZ - 2100860 - Users can’t silence alerts from the dev console when dedicated UWM Alertmanager is deployed
  • BZ - 2100882 - downloading govc is impacted by github rate limiting
  • BZ - 2100918 - Add debug logging to TestIngressOperatorCacheIsNotGlobal
  • BZ - 2100923 - [SSO] Deleting secondary scheduler CR does not delete the corresponding deployment
  • BZ - 2101157 - OVS-Configure doesn’t iterate connection names containing spaces correctly
  • BZ - 2101343 - topolvm-controller get into CrashLoopBackOff few minutes after install
  • BZ - 2101357 - catalog-operator fatal error: concurrent map writes
  • BZ - 2101444 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation
  • BZ - 2101511 - [4.12] Tag new ironic packages when we have builds
  • BZ - 2101520 - csi-snapshot-controller-operator occasionally establishes an unusual number of watch requests
  • BZ - 2101622 - Drain happens before other image-registry pod is ready to service requests, causing disruption
  • BZ - 2101645 - [Cluster storage Operator] DefaultStorageClassController report fake message “No default StorageClass for this platform” on azure and openstack
  • BZ - 2101736 - Finalizers can’t be removed for machines
  • BZ - 2101843 - pv fails to recycle with PodSecurity error
  • BZ - 2101878 - Route status isn’t always getting cleared with routeSelector updates
  • BZ - 2101880 - [cloud-credential-operator]container has runAsNonRoot and image will run as root
  • BZ - 2101885 - The bash completion doesn’t work for get subcommand
  • BZ - 2101992 - [Azure] IP address release: After deleting and recreating egressIP object, egress traffic was intermittently broke for about 1 minute
  • BZ - 2102004 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r--r--/420/0644; received: ----------/0/0
  • BZ - 2102098 - [OSD] There is no error message shown on node label edit modal
  • BZ - 2102109 - co/node-tuning: Waiting for 15/72 Profiles to be applied
  • BZ - 2102228 - Update rhcos.json in installer to point at new CDN
  • BZ - 2102269 - The base image is still 4.10 for operator-sdk
  • BZ - 2102324 - GCP: Panic when unknown region AND machinesets specified in install config
  • BZ - 2102341 - [UI] ODF operator icon is missing on the Installed Operators page
  • BZ - 2102344 - [SSO] sso operator cannot be upgraded from 1.0.0 to 1.0.1 or 1.1
  • BZ - 2102371 - Openshift-Ansible RHEL 8 CI update
  • BZ - 2102383 - Kube controllers crash when nodes are shut off in OpenStack
  • BZ - 2102450 - Kernel parm needs to be added when a pao performance profile is applied, rcutree.kthread_prio=11
  • BZ - 2102632 - a shorter cluster name leads to Uninstall fails with Observed a panic: runtime.boundsError
  • BZ - 2102673 - FRR start race condition
  • BZ - 2102676 - Updates / config metrics are not available in 4.11
  • BZ - 2102766 - OCP 4.12 Using RHCOS 411.84
  • BZ - 2103061 - [4.12] Backport Prow CI improvements from master
  • BZ - 2103090 - Storage - StorageClasses - Create StorageClass - Provisioner: Upon selection of Provisioner i18n misses
  • BZ - 2103126 - must-gather namespace should have “privileged” warn and audit pod security labels besides enforce
  • BZ - 2103144 - [IPv6] apiVIP and ingressVIP non-equality validation doesn’t account for synonyms
  • BZ - 2103178 - disabling ipv6 router advertisements using “all” does not disable it on secondary interfaces
  • BZ - 2103224 - Sidebar perspective dropdown switcher has different background color and incorrect border color when in dark theme mode
  • BZ - 2103236 - GCP: Error message for insufficient permissions needs to be improved
  • BZ - 2103283 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes
  • BZ - 2103590 - [HyperShift] Election timeouts on OVNKube masters for Hypershift guests post statefulset recreation
  • BZ - 2103668 - ovnkube-node pod fails to start - unable to add OVN masquerade route to host, error: failed to add route for subnet - after upgrading to 4.10
  • BZ - 2103680 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created
  • BZ - 2103725 - Carry HAProxy patch ‘BUG/MEDIUM: h2: match absolute-path not path-absolute for :path’
  • BZ - 2103786 - MCP upgrades can stall waiting for master node reboots since MCC no longer gets drained
  • BZ - 2103940 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack
  • BZ - 2103972 - Pipelines (Multi-column table) column titles are not aligned with the column content (input fields) starting with 4.9
  • BZ - 2103981 - Topology resource sidebar shows all Builds and should show just the last n
  • BZ - 2104275 - Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag
  • BZ - 2104337 - Remove `yq` curls from CI steps
  • BZ - 2104373 - [AWS] CCM cannot work on Commercial Cloud Services (C2S) Top Secret Region
  • BZ - 2104481 - PROXY protocol is not configurable for “private” endpoint publishing strategy
  • BZ - 2104503 - Update ose-machine-config-operator images to be consistent with ART
  • BZ - 2104549 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18
  • BZ - 2104578 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule
  • BZ - 2104619 - Upgrade from 4.11.0-rc0 -> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device
  • BZ - 2104642 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator
  • BZ - 2104784 - Some EgressIP was not correctly assigned to the egress node under some condition
  • BZ - 2104803 - lr-policy-list for EgressIP was lost after scale down the test pods
  • BZ - 2104953 - Reintroduce kube1.24 for SDN
  • BZ - 2105003 - e2e-metal-ipi-ovn-dualstack failure: Timed out waiting for node count (5) to equal or exceed machine count (6).
  • BZ - 2105045 - OLM updates namespace labels even if they haven’t changed
  • BZ - 2105071 - container-selinux: Mostly-confined containers which create their own user and mount namespaces can’t mount overlay filesystems
  • BZ - 2105123 - Tuned overwriting IRQBALANCE_BANNED_CPUS
  • BZ - 2105165 - [IPI-IBMCloud] explain installconfig.platform.ibmcloud.resourceGroupName need update
  • BZ - 2105303 - Specify the namespace and the index entry along with the chart url to get the chart details
  • BZ - 2105325 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference
  • BZ - 2105328 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI
  • BZ - 2105341 - Bootstrap Gather Fails when cluster.tfvars.json is not available in Azure
  • BZ - 2105344 - Console app pod action provider extension is incorrectly defined
  • BZ - 2105399 - [SSO] secondary scheduler CR instance does not get updated when SSO is upgraded from 1.0.1 to 1.1.0
  • BZ - 2105706 - Race condition with pendingCloudPrivateIPConfigsOps in EgressIP code
  • BZ - 2105909 - OLM create-namespace.spec.ts e2e test fails always
  • BZ - 2105918 - Install Helm chart form doesn’t allow the user select a specific version
  • BZ - 2105933 - OKD: update FCOS to latest stable
  • BZ - 2105967 - Add E2E test case for Telco Friendly workload specific API
  • BZ - 2105996 - Broken assign error display for cloudprivateipconfig
  • BZ - 2106044 - etcd backup seems to not be triggered in 4.10.18–>4.10.20 upgrade
  • BZ - 2106055 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers
  • BZ - 2106061 - [4.12] Bootimage bump tracker
  • BZ - 2106086 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as “0abc”
  • BZ - 2106298 - unix domain socket mode is broken when specified as ovn database transport method
  • BZ - 2106366 - ProjectHelmChartRepository form doesn’t allow the user to make a difference between name and displayname
  • BZ - 2106372 - TypeError while creating NodeObservability Run under NodeObservability Operator
  • BZ - 2106377 - ProjectHelmChartRepository display name (spec.name) is not used in Helm Charts catalog
  • BZ - 2106378 - Spoke BMH stuck “provisioning” after changing a BIOS attribute via the converged workflow
  • BZ - 2106403 - Nutanix: the e2e-nutanix-operator webhooks test suite does not support provider Nutanix
  • BZ - 2106444 - EgressnodeIP update need special logic to handle creation errors
  • BZ - 2106449 - openshift4/ose-operator-registry image is vulnerable to multiple CVEs
  • BZ - 2106476 - Order of config attributes are not maintained during conversion of PT4l from ptpconfig to ptp4l.0.config file
  • BZ - 2106667 - UPI: Install playbooks don’t honour platform.openstack.externalDNS
  • BZ - 2106733 - Machine Controller stuck with Terminated Instances while Provisioning on AWS
  • BZ - 2106770 - metallb greenwave tests failure
  • BZ - 2106803 - E2E: intermittent failure is seen on tests for devfile
  • BZ - 2106805 - Spec flag not overriding defaults in headless cypress tests
  • BZ - 2106862 - After ovnkube-node restart, external traffic policy local no longer works
  • BZ - 2106866 - Test Flake - Using OLM descriptor components successfully creates operand using form
  • BZ - 2106935 - kubernetes-nmstate-operator fails to install with error “no channel heads (entries not replaced by another entry) found in channel”
  • BZ - 2107043 - HTTPS_PROXY ENV missing in some CSI driver operators
  • BZ - 2107068 - etcd-metrics container is flooding logs
  • BZ - 2107113 - Adding SSH keys for core user post-install creates .ssh folder owned by root
  • BZ - 2107178 - Bond CNI: Failed to recreate pod with active-active bond: Failed to attached links to bond: Failed to set link: net2 MASTER, master index used: 4, error: bad address
  • BZ - 2107241 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
  • BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
  • BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  • BZ - 2107469 - Confusing subtitle in Create Service Binding modal when the target is already known
  • BZ - 2107513 - [SSO] 1.0.1 csv is pulling in secondary-scheduler-operator-container-v1.1-5
  • BZ - 2107558 - When deploying via the web ui, the namespace is always openshift-operators
  • BZ - 2107566 - [GCP] create gcpcluster get error
  • BZ - 2107578 - Power VS machine Processor is always defaulted to 0.5
  • BZ - 2107999 - [GCP] capg-controller-manager report panic after creating machineset and machine stuck in Provisioning
  • BZ - 2108033 - remove ovn-kubernetes dependency on arping executable file
  • BZ - 2108054 - Report alert when upstream CSI driver is found
  • BZ - 2108222 - Missing spec.cpu.offlined field in v1 API
  • BZ - 2108307 - oc debug node should set hostIPC to true
  • BZ - 2108317 - Fix two issues in hybrid overlay
  • BZ - 2108320 - rpm-ostreed: start limit hit easily
  • BZ - 2108473 - [vSphere CSI driver operator] CSI controller pod restarting constantly
  • BZ - 2108551 - [CI Watcher] Bulk Import e2e test flaking at a high rate
  • BZ - 2108647 - [azure] Standard_D2s_v3 as worker failed by “accelerated networking not supported on instance type”
  • BZ - 2108708 - Ingress operator creates a “default” ingresscontroller on HyperShift
  • BZ - 2108858 - cluster-version operator should clear (pod) securityContext when the manifest does not set the property
  • BZ - 2109045 - ovn-k needs kubernetes 1.24 bump
  • BZ - 2109056 - Bring avoidbuggyips back
  • BZ - 2109059 - Reply to arp requests on interfaces with no ip
  • BZ - 2109152 - Kube-apiserver was down and could not recover
  • BZ - 2109258 - Legacy machine deletion annotation is not respected
  • BZ - 2109374 - ClusterVersion availableUpdates is stale: PromQL conditional risks vs. slow/stuck Thanos
  • BZ - 2109388 - [AWS] s3 GetBucketPolicy permission is missing in installer validation
  • BZ - 2109469 - Code cleanup: Don’t call useServiceLevelTitle hook in the JSX
  • BZ - 2109502 - Prerelease report bug link should be updated to JIRA instead of Bugzilla
  • BZ - 2109511 - Failed PipelineRun logs text is not visible in light mode
  • BZ - 2109538 - Nutanix platform validations run at `create manifests` stage
  • BZ - 2109697 - Migrate openshift-ansible to ansible-core
  • BZ - 2109800 - [IBMCloud] context deadline exceeded for kube-scheduler targets
  • BZ - 2109854 - Max unavailable and Max surge have inaccurate description
  • BZ - 2109945 - HyperShift: ovnkube-node not able to connect to sbdb
  • BZ - 2109963 - Master node in SchedulingDisabled after upgrade from 4.10.24 -> 4.11.0-rc.4
  • BZ - 2109965 - oci hook Low-latency-hooks causing high container creation times under platform cpu load
  • BZ - 2109967 - failed to apply dns nncp on vSphere/OpenStack platform
  • BZ - 2110281 - daemon: Drop tuneableFCOSArgsAllowlist
  • BZ - 2110321 - Workloads list page has different PDB action items from details page when All Projects selected
  • BZ - 2110501 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate
  • BZ - 2110525 - Form/YAML form errors stay around
  • BZ - 2110590 - Upgrade failing because restrictive scc is injected into version pod
  • BZ - 2110617 - Split the route controllers out from OCM
  • BZ - 2110629 - openshift-controller-manager(-operator) namespace should clear run-level annotations
  • BZ - 2110722 - openshift-tests: allow -f to match tests for any test suite
  • BZ - 2110927 - Edit YAML page shows unexpected zero (0) and doesn’t clear errors anymore
  • BZ - 2111151 - Cannot delete a Machine if a VM got stuck in ERROR
  • BZ - 2111165 - Project auth cache is fully invalidated on changes to namespaces and namespaced RBAC
  • BZ - 2111205 - console-plugin-demo build failing in CI
  • BZ - 2111467 - Node internal DNS address is not set for machine
  • BZ - 2111474 - Fetch internal IPs of vms from dhcp server
  • BZ - 2111534 - [OVNK] Conntrack Rules are removed before the service rules/flows
  • BZ - 2111537 - oc image info ignores --output for multiarch image
  • BZ - 2111586 - Export OVS metrics
  • BZ - 2111686 - [OKD/nanokube] Different NPE when using console with a nanokube cluster
  • BZ - 2111733 - pod cannot access kubernetes service
  • BZ - 2111817 - rpm-ostreed start timeout on nodes with medium/high load
  • BZ - 2111842 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
  • BZ - 2111878 - Azure EgressIP gives up reconciling with No matching nodes found when updating the same egressip consecutively
  • BZ - 2111972 - openshift-machine-api namespace runlevel label should be set to empty string
  • BZ - 2111979 - openshift-controller-manager-operator NS runlevel needs to be set to emptystring
  • BZ - 2111984 - OpenShift controller manager needs permissions to get/create/update leases for leader election
  • BZ - 2112086 - [hybrid-overlay] AWS EC2 metadata service not available in host’s vNIC for Windows
  • BZ - 2112146 - [CI watcher] Create pod sample fail because of a restricted pod security admission policy
  • BZ - 2112237 - [ Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message “No default StorageClass for this platform” on Alicloud, IBM, Nutanix
  • BZ - 2112481 - Synced editor forms have incorrect and inconsistent visual display
  • BZ - 2112812 - [OCP 4.10] Developer catalog fails to load (on a fully disconnected cluster and on a disconnected cluster with proxy)
  • BZ - 2112862 - Namespace CRUD integration test is failing
  • BZ - 2112934 - The oc adm inspect ns/[namespace_name] command is not collecting the servicemonitors in the namespace
  • BZ - 2113936 - Fix e2e tests for [reboots][machine_config_labels] (tsc=nowatchdog)
  • BZ - 2113977 - Fix pod stuck in termination state when mount fails or gets skipped after kubelet restart
  • BZ - 2114009 - [4.12 Alicloud Snapshot] taking more time(4min+) to make snapshot content with ready status and (volume/snapshot content) getting created in default Resource group id
  • BZ - 2114488 - Monitoring Alert decorator in Topology color is grey instead of red
  • BZ - 2114506 - olm e2e failing when capabilities are disabled
  • BZ - 2114721 - telemeter-client pod does not use the updated pull secret when it is changed
  • BZ - 2114754 - “gather bootstrap” creates unexpected folder “serial-log-bundle-<timestamp>” beyond “log-bundle-<timestamp>.tar.gz”
  • BZ - 2114779 - Node Tuning Operator(NTO) - OCP upgrade failed due to node-tuning CO still progressing
  • BZ - 2114834 - Failure when creating Floating IP for load-balancer
  • BZ - 2114968 - 4.12-nightly payloads blocked by metal jobs failing with “Still creating …” when creating nodes
  • BZ - 2115308 - Kube API server operator should not update replicas when Machine/Node is being removed
  • BZ - 2115347 - 03279843 | Sev 3 | Negative regex matchers for alertmanager silences not properly parsed or read by console
  • BZ - 2115358 - control-plane-machine-set-operator pod got panic when create cpms on a single zone deployment
  • BZ - 2115479 - ovnkube direct-lists pods on a node when the node object changes
  • BZ - 2115522 - Strange padding in new Helm Chart Repository table row
  • BZ - 2115527 - ServiceAccounts PATCH noise leads to Secret leakage
  • BZ - 2115528 - bump bootimage to include latest rpm-ostree
  • BZ - 2115638 - CPMS cannot trigger RollingUpdate when adding failure domain
  • BZ - 2115684 - Gather ODF CephCluster resource status
  • BZ - 2115790 - [4.12] Bootimage bump tracker
  • BZ - 2115799 - CI failing tests: Perform actions on knative service and revision knative service menu options
  • BZ - 2115802 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
  • BZ - 2115814 - Issues with samples in a disconnected cluster in OCP 4.9
  • BZ - 2115899 - BuildConfig form: Docker image repository should be just called Image registry
  • BZ - 2116382 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
  • BZ - 2116415 - CI failing tests: Event tab in build details page
  • BZ - 2116460 - percpu Memory leak CRIO due to no garbage collection in /run/crio/exits for exited containers
  • BZ - 2116547 - phyc2sys config will be automatically added to ptpconfigs even if it is not included in user PGT
  • BZ - 2116715 - remove dead code from openshift-controller-manager
  • BZ - 2116973 - Multiple navigation items displaying as active
  • BZ - 2116982 - multus-admission-controller in openshift-multus has 2 replicas on SNO
  • BZ - 2117033 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
  • BZ - 2117142 - Update the permission for Project Helm Chart Repository
  • BZ - 2117235 - separate route controllers to a new command
  • BZ - 2117255 - Failed to dump flows for flow sync, stderr: “ovs-ofctl: br-ext is not a bridge or a socket”
  • BZ - 2117310 - [OVN] New pods unable to establish TCP connections and get constant timeouts causing application downtime
  • BZ - 2117387 - vsphere: installer for vsphere does not have steal clock accounting enabled
  • BZ - 2117423 - Backport: https://github.com/openshift/kubernetes/pull/1295
  • BZ - 2117439 - change controlplanemachineset machineType to other type trigger RollingUpdate cause cluster error
  • BZ - 2117474 - ccoctl panics while trying to create a secret from credential request which does not have providerspec within it
  • BZ - 2117524 - openshift-ingress-operator with mTLS does not download CRL
  • BZ - 2117569 - kube-controller-manager needs to stop watching all events
  • BZ - 2117595 - Upgrade golangci-lint to 1.47.3 in image-customization-controller
  • BZ - 2117602 - LocalVolume does support by-path volumes
  • BZ - 2117646 - Changing `spec.host` field on any of routes in the openshift-console namespace wont trigger sync loop
  • BZ - 2117738 - Plugin page error boundary message is not cleared after leaving page
  • BZ - 2117749 - Bump to latest k8s.io 1.24 release
  • BZ - 2117822 - oc adm release extract should handle ccoctl
  • BZ - 2118286 - KCMO should not be dependent on monitoring stack
  • BZ - 2118318 - kube-controller-manager resource quota controller needs to stop watching all events
  • BZ - 2118550 - [capi] azure and vsphere image in payload
  • BZ - 2118563 - [OSP][SDN] The displayed IP Capacity is not consistent with port allowed maximum addresses
  • BZ - 2118625 - [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory
  • BZ - 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
  • BZ - 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
  • BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
  • BZ - 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
  • BZ - 2161287 - CVE-2023-0296 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
  • OCPBUGS-2223 - Default catalogSources are not updated to 4.12
  • OCPBUGS-2219 - ConsolePlugin CRs cannot be garbage collected due to missing spec.i18n.loadType value
  • OCPBUGS-939 - Flaky CI: Object.verifyTopologyPage timeout after importing a Devfile
  • OCPBUGS-929 - The help message of “opm alpha render-graph” is not correct
  • OCPBUGS-927 - Azure install fails in CI: Error: error creating/updating Private DNS Zone Virtual network link
  • OCPBUGS-926 - [vsphere-problem-detector] report privilege missing when using pre-existing folder and/or resource pool with ReadOnly permission
  • OCPBUGS-2197 - [upgrade 4.11.z to 4.12 nightly] rpm-ostree update via container failed
  • OCPBUGS-1106 - Devfile Catalog and Import a Devfile on a fully disconnected cluster should fail directly instead of timeout after 30sec
  • OCPBUGS-917 - create egressqos with wrong syntax/value rules success
  • OCPBUGS-2195 - NPE on visiting topology for ns which got deleted
  • OCPBUGS-1083 - e2e-aws-ovn-serial fails because of OVNKubernetesControllerDisconnectedSouthboundDatabase
  • OCPBUGS-2181 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
  • OCPBUGS-1227 - Node events create unnecessary CPU load
  • OCPBUGS-889 - 4.12 installer is pointing at stable-4.11 channel
  • OCPBUGS-884 - Update RHCOS release browser url
  • OCPBUGS-2175 - Windows to linux networking broken since downstream OVN merge
  • OCPBUGS-1132 - e2e: perfprof: unbreak the e2e-gcp PAO lane
  • OCPBUGS-2167 - Workload hints feature breaks backwards compatibility
  • OCPBUGS-1105 - Import a Devfile on a disconnected cluster with a proxy doesn’t work
  • OCPBUGS-872 - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
  • OCPBUGS-2158 - Track changes of serviceAccountIssuer in operator status
  • OCPBUGS-1076 - CNO in HyperShift management cluster is reconciling ovn-kubemaster in Hosted Control Plane namespace.
  • OCPBUGS-869 - Change 'OpenShift Managed (Azure)' to ‘Azure Red Hat OpenShift’ for Azure support case link
  • OCPBUGS-2157 - Documentation for cleaning crio produces kubelet errors
  • OCPBUGS-867 - package-server-manager does not stomp on changes made to packgeserver CSV
  • OCPBUGS-2155 - Etcd scaling test was mistakenly added to the parallel suite
  • OCPBUGS-864 - ClusterOperator Conditions Update on Reordering
  • OCPBUGS-194 - Layout for API Explorer page is incorrect
  • OCPBUGS-2151 - machine-api-operator degraded during 3+1 deployment due to minimum worker replica count is 2
  • OCPBUGS-861 - Rebase openshift/etcd 4.12 onto v3.5.5
  • OCPBUGS-944 - CI failure due to pod security in manila
  • OCPBUGS-2138 - Get OSImageURL override related metric data available in telemetry
  • OCPBUGS-1226 - OpenStack UPI scripts do not create server group for Computes
  • OCPBUGS-858 - package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgrade
  • OCPBUGS-1231 - base image can’t be fetched in a disconnected environment
  • OCPBUGS-2396 - FIPS jobs are broken after images rebuilt with golang 1.19
  • OCPBUGS-853 - openshift-ingress-operator is failing to update router-certs because “Too long: must have at most 1048576 bytes” message
  • OCPBUGS-2125 - CVO skips reconciling the installed optional resources in the 4.11 to 4.12 upgrade
  • OCPBUGS-852 - oc debug requires a user to create a namespace with specific security labels
  • OCPBUGS-2122 - machine-config-daemon failed to update the OS for cluster running behind proxy
  • OCPBUGS-850 - Dockerfile: provide full URL to CentOS stream image
  • OCPBUGS-959 - Born in 4.1 and 4.2 clusters have ‘openshift.io/run-level: 1’ uncleared
  • OCPBUGS-825 - Available=False with no reason
  • OCPBUGS-2102 - Resource quota e2e tests fails after latest changes to master
  • OCPBUGS-819 - [ExtDNS] Invalid TXT records for wildcard domains on Azure
  • OCPBUGS-2100 - Alert icon color is black in the Topology list view
  • OCPBUGS-2086 - Detect failure to prepare installation
  • OCPBUGS-800 - Name of workload get changed, when project and image stream gets changed on reloading the form on the edit deployment page of the workload
  • OCPBUGS-1069 - Update ODC owners
  • OCPBUGS-785 - Bump documentationBaseURL to 4.12
  • OCPBUGS-2079 - systemReserved:ephemeral-storage in KubeletConfig doesn’t work as expected
  • OCPBUGS-766 - Missing the instance-type/region/zone labels in Machine CRs
  • OCPBUGS-2076 - CI AWS CCM cluster install failure
  • OCPBUGS-753 - dns-default pod missing “target.workload.openshift.io/management:” annotation
  • OCPBUGS-2075 - Do not show notification switch for the alert rule which have no alerts associated
  • OCPBUGS-745 - [4.12] Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag
  • OCPBUGS-2071 - revert “force cert rotation every couple days for development” in 4.12
  • OCPBUGS-1080 - It’s not possible to share BMC secrets between BareMetalHosts
  • OCPBUGS-729 - vsphere privilege check fails on vsphere6.7 u3 as missing privilege “InventoryService.Tagging.ObjectAttachable”
  • OCPBUGS-954 - [2087981] PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendation
  • OCPBUGS-2063 - List pages in pipelines is taking more time to load when there are too many items
  • OCPBUGS-722 - Undiagnosed panic detected in pod: openshift-controller-manager-operator_openshift-controller-manager-operator invalid memory address or nil pointer dereference
  • OCPBUGS-2029 - proxy config in installconfig fails to be applied
  • OCPBUGS-718 - Inefficient use of SG rules when creating Service LBs leads to scale issues
  • OCPBUGS-2010 - [noop][4.12] ironic clear_job_queue and reset_idrac pending issues
  • OCPBUGS-717 - Inquiries from customers regarding the EOL of Python 3.7.
  • OCPBUGS-2009 - User should be warned that MetalLB controller pod config node affinity cannot have weight 0
  • OCPBUGS-716 - EventsRecorder nonstandard / log only
  • OCPBUGS-2004 - egressip healthcheck through GRPC on dualstack cluster only uses v6 address when trying to re-connect to egressIP node
  • OCPBUGS-706 - [IBMCloud] e2e-ibmcloud-ipi-ibmcloud-gather-resources fails
  • OCPBUGS-1992 - [osp][octavia lb] failing to create floating IP for external LB
  • OCPBUGS-946 - Warnings in storage cluster operator PowerVS CSI driver deployment
  • OCPBUGS-705 - vSphere privilege checking failing when providing user-defined folder and/or resource pool
  • OCPBUGS-3443 - [4.12] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
  • OCPBUGS-1979 - Update openshift/etcd Go version to 1.16
  • OCPBUGS-690 - [2112237] [ Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message “No default StorageClass for this platform” on Alicloud, IBM, Nutanix
  • OCPBUGS-1962 - Controller and speakers are not created with tolerations effect is NoScheduleNoSchedule and tolerationSeconds is set 10
  • OCPBUGS-675 - panic in etcdcli
  • OCPBUGS-1950 - Devfile samples (in Developer Catalog) link doesn’t include the current selected namespace
  • OCPBUGS-670 - Prefer local dns does not work expectedly on OCPv4.12
  • OCPBUGS-1949 - kube-controller log gatherer should limit number of bytes read
  • OCPBUGS-651 - CBO gets confused by Terminating ports when a master fails
  • OCPBUGS-1941 - [4.12] Bootimage bump tracker
  • OCPBUGS-650 - “opm alpha render-veneer semver” raise error when no “Candidate” in config yaml
  • OCPBUGS-1916 - Workloads list page has different HPA action items from details page when All Projects selected
  • OCPBUGS-643 - catsrc is not ready due to “compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied”
  • OCPBUGS-1913 - Agent Installer: Do not fail on deprecated apiVip and ingressVip values
  • OCPBUGS-617 - oc-mirror does not mirror arm64 OCP release payload
  • OCPBUGS-1912 - downstream `opm alpha diff` moving to `oc-mirror`
  • OCPBUGS-613 - oc adm inspect --rotated-pod-logs not working properly for static pods
  • OCPBUGS-2909 - Invalid documentation link in knative-plugin README
  • OCPBUGS-1900 - Bootstrap error in SNO installation
  • OCPBUGS-1896 - [CORS-2260] “create install-config” got error ‘credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode’
  • OCPBUGS-2874 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
  • OCPBUGS-1881 - [vSphere] cluster destroy get stuck if vm have not tag attached
  • OCPBUGS-967 - Panic in test: [sig-network] IngressClass [Feature:Ingress] should prevent Ingress creation if more than 1 IngressClass marked as default [Serial] [Suite:openshift/conformance/serial]
  • OCPBUGS-2854 - Controlplanmachineset couldn’t be created after deleting a machineset
  • OCPBUGS-1880 - Openshift version upgrade cause multiple worker go in draining node
  • OCPBUGS-2848 - Routes per shard metric inaccurate if using matchExpression
  • OCPBUGS-1877 - download ‘aliyun’
  • OCPBUGS-2837 - Excessive debug logs
  • OCPBUGS-2826 - ovnkube-trace: ofproto/trace fails for IPv6
  • OCPBUGS-1856 - [IBMCloud] install private cluster need manually add a rule to the security group for *sg-kube-api-lb
  • OCPBUGS-2822 - [4.12] EFS csi controller&driver pod are CrashLoopBackOff due to csi-driver container is not running on arm.
  • OCPBUGS-1263 - cri-o should report the stage of container and pod creation it’s stuck at
  • OCPBUGS-2803 - Project auth cache sync blocks list handler
  • OCPBUGS-1853 - [OVNK] ARP doesn’t exist for v6: https://github.com/j-keck/arping/
  • OCPBUGS-2779 - Import: Advanced option sentence is splited into two parts and headlines has no padding
  • OCPBUGS-1831 - failed to run command in pod with network-tools script pod-run-netns-command locally
  • OCPBUGS-2775 - After added/removed label from a namespace, one stats of “route_metrics_controller_routes_per_shard” in Observe >> Metrics page aren’t correct
  • OCPBUGS-1827 - knative service e2e tests are failing
  • OCPBUGS-2774 - [AWS][GCP] the new created nodes are not added to load balancer
  • OCPBUGS-1825 - Ingress Node Firewall rule becomes non-functional when daemons and controller manager deployment are re-deployed
  • OCPBUGS-2757 - rebase should handle idempotency
  • OCPBUGS-1824 - Systemd service been deactivated in limited network environment
  • OCPBUGS-1237 - e2e-gcp-builds is permafailing
  • OCPBUGS-2741 - CPMS failureDomains is not keep consistent with master machines on heterogeneous cluster after upgrade from 4.11 to 4.12
  • OCPBUGS-1810 - must gather for gather_ingress_node_firewall breaks with permission issues
  • OCPBUGS-2726 - Descheduler SoftTopologyAndDuplicates uses Stategy RemovePodsViolatingTopologySpreadConstraint which has invalid mapping
  • OCPBUGS-1806 - OCP cluster install on baremetal fails when hostname of master nodes does not include the text “master” (take 2)
  • OCPBUGS-2656 - VPA E2Es fail due to CSV name mismatch
  • OCPBUGS-2654 - Console OLM Integration Tests Reference Operator Not Present in 4.12 Certified Operators CatalogSource
  • OCPBUGS-1799 - Ironic API proxy pods crash loop if IPv6 is used
  • OCPBUGS-2651 - Pipeline Run nodes should show focus border
  • OCPBUGS-1789 - Users can’t silence alerts from the dev console when dedicated UWM Alertmanager is deployed
  • OCPBUGS-2638 - Switch libvirt VM’s to vnc graphic mode
  • OCPBUGS-1776 - Duplicate “Getting Started” notification will show on Search page for normal user
  • OCPBUGS-1746 - Update the Github App events and permissions
  • OCPBUGS-1268 - HelmChartRepositories has no action menu if the default repo is disabled
  • OCPBUGS-2621 - Enable TechPreview cause cluster error on single node cluster
  • OCPBUGS-1736 - cncc crashloop in proxy deployments
  • OCPBUGS-2592 - CVO hot-loops on Deployment manifests
  • OCPBUGS-1731 - Rebase CoreDNS to 1.10.0, based on k8s 1.25
  • OCPBUGS-1257 - Keepalived health check causes unnecessary VIP flapping when HAProxy is healthy
  • OCPBUGS-2558 - [RFE] Add new Azure instance types to the official “tested/supported” list
  • OCPBUGS-1730 - Bump openshift-router to k8s 1.25
  • OCPBUGS-2512 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
  • OCPBUGS-1718 - prometheus-k8s-0 ends in CrashLoopBackOff with evel=error err="opening storage failed: /prometheus/chunks_head/000002: invalid magic number 0" on SNO after hard reboot tests
  • OCPBUGS-2508 - Worker creation fails within provider networks (as primary and secondary)
  • OCPBUGS-1717 - Image registry panics while deploying OCP in me-central-1 AWS region
  • OCPBUGS-2495 - ‘oc login’ should be robust in the face of gather failures
  • OCPBUGS-1708 - console.openshift.io/use-i18n false in v1alpha API is converted to “” in the v1 API, which is not a valid value for the enum type declared in the code.
  • OCPBUGS-2478 - i18n translation missing in “Remove component node from application” modal
  • OCPBUGS-1705 - OVN-Kubernetes master crashing due to too long ACL names during upgrade
  • OCPBUGS-2469 - ControlPlaneMachineSets are not included in must-gathers
  • OCPBUGS-1698 - [vsphere] Installer get panic error when no setting platform.vsphere.failureDomains.topology.networks
  • OCPBUGS-2455 - Pods and PDBs list page just reports ‘Not found’ when no Pod/PDB
  • OCPBUGS-1678 - CI: Backend unit tests fails because devfile registry was updated (mock response)
  • OCPBUGS-1244 - Add PowerVS region mon01 to installer
  • OCPBUGS-1234 - AWS tagging limit hit issue when trying to add more than 10 tags
  • OCPBUGS-2446 - Control Plane Machine Set does not expose errors
  • OCPBUGS-2438 - Help popovers cause error on Observe > Alerting pages
  • OCPBUGS-2437 - Clusters with large numbers of CSVs can cause crashloop, block upgrades
  • OCPBUGS-1256 - [CI-Watcher] e2e issue with tests: Using OLM descriptor components. Using OLM descriptor components deletes operand
  • OCPBUGS-2436 - Installer fails to create ingress.config.openshift.io/cluster on AWS because of missing spec.loadBalancer.platform.aws.type
  • OCPBUGS-1274 - machine-api-termination-handler Pods don’t launch on tainted spot instances
  • OCPBUGS-2435 - Nil-pointer dereference in TestRouterCompressionOperation on e2e-gcp-operator
  • OCPBUGS-1247 - AWS Control Plane machine set are breaking single node clusters
  • OCPBUGS-963 - [OCPonOpenstack] Remove clustername length limitation
  • OCPBUGS-1677 - CI: Backend unit tests fails because devfile registry was updated (fix assertion)
  • OCPBUGS-1533 - sdn rebase to 1.25
  • OCPBUGS-1558 - Bump cluster-dns-operator to k8s 1.25
  • OCPBUGS-595 - Kubelet cannot be started on worker nodes after upgrade to OCP 4.11 (RHCOS 8.6) when custom SELinux policies are applied
  • OCPBUGS-585 - Tuned overwriting IRQBALANCE_BANNED_CPUS
  • OCPBUGS-1554 - Bump cluster-ingress-operator to k8s 1.25
  • OCPBUGS-576 - unbound router_id variable while creating event
  • OCPBUGS-1437 - OLM Reports ResolutionFailed when there are multiple upgrade paths between channel entries
  • OCPBUGS-575 - The lacking securityContext.seccompProfile.type of OLM deployments is blocking OCP upgrade to 4.12
  • OCPBUGS-569 - CVO History Pruner is non-functional, letting history length above MaxHistory
  • OCPBUGS-561 - [4.12] Bootimage bump tracker
  • OCPBUGS-1549 - DNS operator does not reconcile the openshift-dns namespace
  • OCPBUGS-1515 - Join network CIDR not accept v6InternalSubnet fdxx::/48
  • OCPBUGS-548 - The application dropdown menu uses a custom component with a configuration to favorite applications, similar to the Project selection menu, but is inconsistent in the way it looks and behaves.
  • OCPBUGS-1505 - Booting live ISO: /dev/sr0 already mounted or mount point busy
  • OCPBUGS-540 - Input values in Instantiate Template are disappeared randomly in the developer console
  • OCPBUGS-1434 - Downstream Autoscaling Eviction Annotation to OCP 4.12
  • OCPBUGS-533 - member loses rights after some other user login
  • OCPBUGS-527 - Misleading error message when lacking assets to create the installation image
  • OCPBUGS-1324 - Clusters with a custom osImage cannot be upgraded
  • OCPBUGS-525 - Prerelease report bug link should be updated to JIRA instead of Bugzilla
  • OCPBUGS-1512 - [OCP 4.12] Fix generate script in CBO
  • OCPBUGS-523 - Plugin page error boundary message is not cleared after leaving page
  • OCPBUGS-1522 - Regular user cannot open the debug container from pods they created
  • OCPBUGS-1456 - Cluster operator-related tests failing on techpreview because of “platform-operators-aggregated”
  • OCPBUGS-519 - publicIP is allowed in Azure disconnected installation for machines
  • OCPBUGS-514 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
  • OCPBUGS-1502 - PodNetworkConnectivityCheck gatherer reads too much data into memory
  • OCPBUGS-505 - Input box aria-label and name wrong for editing PDB inside Deployments
  • OCPBUGS-1482 - Can’t install clusters with schedulable masters
  • OCPBUGS-499 - ClusterOperator Conditions Update on Reordering
  • OCPBUGS-498 - Update console operator vendor with latest openshift/api
  • OCPBUGS-1503 - configure-ovs.sh fails on unrelated, invalid connection files (non-existing interfaces)
  • OCPBUGS-478 - ironic-machine-os-downloader image is missing virt-* tools in OCP 4.12 nightlies
  • OCPBUGS-1364 - Improve prometheus-adapter consistency
  • OCPBUGS-1489 - [vsphere] one vm folder is not deleted when destroying ocp cluster configured region/zone
  • OCPBUGS-469 - OVN master trying to deleteLogicalPort for object which is already gone
  • OCPBUGS-456 - [4.12] update all ironic related packages to latest bugfix
  • OCPBUGS-1484 - Remove policy/v1beta1 in 4.11 and later
  • OCPBUGS-1351 - health_statuses_insights metrics is showing disabled rules in “total”
  • OCPBUGS-454 - [vsphere] update install-config description for diskType
  • OCPBUGS-1498 - e2e: performance: Verify kernel param rcutree.kthread
  • OCPBUGS-1429 - get updated rpm-ostree in 4.12 bootimages
  • OCPBUGS-451 - Show Git icon in repository link in details page should be based on the git provider
  • OCPBUGS-1479 - PDB list page should only show Create Pod button to user has sufficient permission
  • OCPBUGS-439 - DVO gatherer relies on the namespace name
  • OCPBUGS-1353 - ETCD Operator goes degraded when a second internal node ip is added
  • OCPBUGS-435 - Dropdown items on storageclass creation page need i18n support
  • OCPBUGS-431 - Nutanix platform validations run at `create manifests` stage
  • OCPBUGS-1290 - Update Kafka Sink text description
  • OCPBUGS-428 - Insights Operator should collect helm upgrade and uninstall metric
  • OCPBUGS-426 - [OSP][OVN]unable to create logical router policy for egressIP after update duplicate IP to uniq one
  • OCPBUGS-3265 - Console shouldn’t try to install dynamic plugins if permissions aren’t available
  • OCPBUGS-1318 - Dual stack cluster fails on installation when multi-path routing entries exist
  • OCPBUGS-421 - Disconnected IPI OCP 4.10.22 cluster install on baremetal fails when hostname of master nodes does not include the text "master"
  • OCPBUGS-418 - [OCP web console] Search result doesn’t clear when user clears name filter in one-shot for any resources
  • OCPBUGS-1416 - ODC add-page e2e tests doesn’t pass (outdated checks)
  • OCPBUGS-416 - [IBMCloud] The udevadm utility is missing in the IBM Cloud VPC block storage IPI image
  • OCPBUGS-1417 - Disconnected Openshift cluster on AWS having problem with manual egress IP assignment
  • OCPBUGS-407 - [2116382] Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
  • OCPBUGS-1409 - E2E: intermittent failure is seen on tests for devfile
  • OCPBUGS-392 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created
  • OCPBUGS-1470 - i18n: Incorrect plural for maxUnavailable pod count
  • OCPBUGS-2915 - InsightsRecommendationActive should link cluster-specific page
  • OCPBUGS-384 - GCP Filestore csi operator has wrong spec.description in csv files
  • OCPBUGS-1321 - node_exporter collects metrics for “virtual” network interfaces
  • OCPBUGS-1329 - etcd and kube-apiserver pods get restarted due to failed liveness probes while deleting/re-creating pods on SNO
  • OCPBUGS-1402 - panic in cvo pod
  • OCPBUGS-364 - Update ose-baremetal-installer images to be consistent with ART
  • OCPBUGS-1361 - Expect more detail info when report vSphere privilege alert
  • OCPBUGS-1421 - Document how to use RWX vSphere volumes
  • OCPBUGS-3263 - The terraform binaries shipped by the installer are not statically linked
  • OCPBUGS-346 - Failed to create volumesnapshotcontent for gcp-filestore-csi-driver-operator
  • OCPBUGS-1569 - OBC and OB option showing twice to user of a Project on Console
  • OCPBUGS-1044 - There’s an issue with node-exporter pods running when using a bare metal AMD EPYC setup
  • OCPBUGS-1038 - Whereabouts reconciliation should be launched by the CNO when using a conflist
  • OCPBUGS-305 - Cluster-version operator ClusterOperator checks are unnecessarily slow on update
  • OCPBUGS-193 - Kebab menu not working properly for helm repository
  • OCPBUGS-3208 - [4.12] SCOS build fails due to pinned kernel
  • OCPBUGS-302 - openshift-install gather bootstrap panics
  • OCPBUGS-987 - Whereabouts should allow non default interfaces to Pod IP list
  • OCPBUGS-184 - [OCP web console] Wrong message “404: Not found” while the user selects an installed operator and navigates from operator hub to installed operator page.
  • OCPBUGS-3204 - Permission denied when write data to mounted gcp filestore volume instance
  • OCPBUGS-1004 - The error message of “opm alpha render-veneer semver” is not correct
  • OCPBUGS-270 - Dev Catalog taking too much time to load in a complete disconnected cluster
  • OCPBUGS-183 - Log line numbers overlap with cut-off rule when number is too big
  • OCPBUGS-3194 - [4.12.z backport][4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
  • OCPBUGS-268 - vsphere: installer for vsphere does not have steal clock accounting enabled
  • OCPBUGS-180 - Name of “Role” should keep pace with the name in CLI
  • OCPBUGS-262 - downloading govc is impacted by github rate limiting
  • OCPBUGS-1049 - Pod security policy change breaks cluster-ingress-operator’s TestCanaryRoute E2E tests
  • OCPBUGS-171 - VirtualMediaViaExternalNetwork is broken with virtual media TLS
  • OCPBUGS-3179 - Regression in ptp-operator conformance tests
  • OCPBUGS-256 - intra namespace allow network policy doesn’t work after applying ingress&egress deny all network policy
  • OCPBUGS-169 - Console e2e tests broken due to pod security admission controller
  • OCPBUGS-3177 - RHCOS 4.12/s390x kdump is failing, disable test
  • OCPBUGS-246 - Incorrect retry cause false positive in CNF tests
  • OCPBUGS-1029 - Developer catalog fails to load
  • OCPBUGS-165 - Spike in pod-latency graph observed due to ovnkube-master restarts
  • OCPBUGS-1641 - irqbalance: add unit to clear the cpu ban list
  • OCPBUGS-238 - ReEnable e2e tests for knative
  • OCPBUGS-977 - SR-IOV MultiNetworkPolicy: Rules are not removed after disabling multinetworkpolicy
  • OCPBUGS-122 - Error: open /etc/nsswitch.conf: permission denied and Error: open ./db-609956243: permission denied
  • OCPBUGS-236 - custom ingress-controller can’t be deleted
  • OCPBUGS-978 - leases not gracefully released in OCM
  • OCPBUGS-2373 - When changing a lb service to another type, the freed ip is not reused
  • OCPBUGS-999 - aws driver toolkit jobs are permafailing
  • OCPBUGS-224 - Missing $SEARCH domain in /etc/resolve.conf for OCP v4.9.31 cluster
  • OCPBUGS-216 - kuryr-controller timing out liveness probe
  • OCPBUGS-78 - Uninstalled operator can’t be reinstalled if it included a conversion webhook
  • OCPBUGS-212 - co/kube-controller-manager degraded: GarbageCollectorDegraded: error fetching rules: Get "https://thanos-querier.openshift-monitoring.svc:9091/api/v1/rules": dial tcp 172.30.153.28:9091: connect: cannot assign requested address
  • OCPBUGS-990 - HyperShift 4.12 jobs fail to install csi-snapshot-controller-operator
  • OCPBUGS-69 - No event log was emitted when egressIP exceeds capacity limit for cloud providers with SDN plugin
  • OCPBUGS-208 - Race condition when creating / deleting mac_address_pairs
  • OCPBUGS-2372 - Duplicate addresses when the controller is restarted
  • OCPBUGS-1000 - Allow scale-down of unhealthy member when it doesn’t violate quorum
  • OCPBUGS-1017 - Can’t cancel login when using multi-cluster
  • OCPBUGS-2369 - NPE on topology if creates a k8s svc and KSVC which has no metadata in template
  • OCPBUGS-985 - Metal serial tests are failing on webhook admission about provisioningDHCPRange
  • OCPBUGS-2362 - OVN-K alerts must be set to the correct severity level
  • OCPBUGS-1067 - [vsphere-CSI-Driver-Operator] The storageclass “thin-csi” could not be re-created after deleting
  • OCPBUGS-2360 - [IPI on Baremetal] ipv6 support issue in metal3-httpd
  • OCPBUGS-3436 - domain 24 missing from phc2sys options
  • OCPBUGS-2354 - co/storage is not available due to csi driver not have proxy setting on ibm cloud
  • OCPBUGS-1068 - Correct namespace for SimpleContentAccessNotAvailable
  • OCPBUGS-2346 - Remove namespace and name from gathered DVO metrics
  • OCPBUGS-943 - Could not import Devfile after testing a non-Devfile version
  • OCPBUGS-2340 - OnDelete update strategy cannot work when master machines are not indexed as 0, 1, 2
  • OCPBUGS-3115 - [2117255] Failed to dump flows for flow sync, stderr: “ovs-ofctl: br-ext is not a bridge or a socket”
  • OCPBUGS-2338 - Confusing error messages when missing VIPs
  • OCPBUGS-1570 - Event Sources not shown in topology
  • OCPBUGS-2334 - NE-956: Configurable LB Source Ranges breaks TestScopeChange
  • OCPBUGS-3094 - [4.12] The control plane should tag AWS security groups at creation
  • OCPBUGS-2330 - events.events.k8s.io is forbidden: User “system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand” cannot create resource “events” in API group “events.k8s.io” in the namespace “e2e-test-default-b6y9atnu-jxz6p”
  • OCPBUGS-3081 - monitor not working with UDP lb when externalTrafficPolicy: Local
  • OCPBUGS-3428 - [4.12] Skip broken [sig-devex][Feature:ImageEcosystem] tests
  • OCPBUGS-2328 - Panic observed: runtime error: index out of range
  • OCPBUGS-3080 - [4.12] RPS hook only sets the first queue, but there are now many
  • OCPBUGS-3425 - [release-4.12] Azure Disk CSI Driver Operator gets degraded without “CSISnapshot” capability
  • OCPBUGS-2327 - Add validation for releaseImage and mirror
  • OCPBUGS-3071 - [4.12][AWS] curl network Loadbalancer always get “Connection time out”
  • OCPBUGS-2325 - Add e2e test cases for INF spec.ingress
  • OCPBUGS-3366 - Disconnected cluster installation fails with pull secret must contain auth for “registry.ci.openshift.org”
  • OCPBUGS-2322 - Kuryr does not accept application credentials
  • OCPBUGS-3363 - openshift-ingress-operator with mTLS does not download CRL
  • OCPBUGS-2316 - Ingress-node-Firewall: Mixing ICMP v4 and v6 config causes a panic
  • OCPBUGS-3035 - 4.12 backport: Multiple extra manifests in the same file are not applied correctly
  • OCPBUGS-3359 - Revert BUILD-407
  • OCPBUGS-2301 - [gcp][CORS-1774] with "createFirewallRules: Enabled", after successful “create cluster” and then "destroy cluster", the created firewall-rules in the shared VPC are not deleted
  • OCPBUGS-3028 - panic in WaitForBootstrapComplete
  • OCPBUGS-3352 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
  • OCPBUGS-3022 - GCP: missing multiple regions
  • OCPBUGS-3346 - [perf/scale] libovsdb builds transaction logs but throws them away
  • OCPBUGS-3019 - Ingress node firewall pod's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
  • OCPBUGS-3343 - [vsphere] installation fails when setting user-defined folder in failure domain
  • OCPBUGS-2269 - “error: No enabled repositories” on upgrade with kernelType: realtime enabled
  • OCPBUGS-3003 - Ignore non-ready endpoints when processing endpointslices
  • OCPBUGS-1636 - The platform-operators-aggregated cannot be created after enabling TechPreviewNoUpgrade
  • OCPBUGS-3340 - Environment cannot find Python
  • OCPBUGS-1616 - masters unavailable & mco degraded in bootstrap techpreview jobs
  • OCPBUGS-3306 - Agent installer does not support dualstack VIPs
  • OCPBUGS-2265 - Allow passing documentation links for alerts
  • OCPBUGS-2984 - [RFE] 4.12 Azure DiskEncryptionSet static validation does not support upper-case letters
  • OCPBUGS-3297 - Bugfix in privileged-daemonset and better dependencies
  • OCPBUGS-2262 - [gcp][CORS-1774] “platform.gcp.publicDNSZone” and “platform.gcp.privateDNSZone” should be for existing DNS zones
  • OCPBUGS-1629 - Facing issue while configuring egress IP pool in OCP cluster which uses STS
  • OCPBUGS-2979 - [4.12] automatic replacement of an unhealthy member machine
  • OCPBUGS-3289 - [IBMCloud] Worker machines unreachable during initial bring up
  • OCPBUGS-2249 - Conditional gatherer cluster_version_matches issues
  • OCPBUGS-2975 - PTP 4.12 - PTP - AMQ HTTP on event caused ptp stopped working after fresh deployment
  • OCPBUGS-3281 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
  • OCPBUGS-1621 - The CSV of the operator does not have timestamp
  • OCPBUGS-2974 - administrator console, monitoring-alertmanager-edit user list or create silence, “Observe - Alerting - Silences” page is pending
  • OCPBUGS-3279 - Service-ca controller exits immediately with an error on sigterm
  • OCPBUGS-1645 - CPMS should handle clusters where Masters are not indexed from 0
  • OCPBUGS-198 - Kuryr-Controller Restarting on KuryrPort with missing pod
  • OCPBUGS-2918 - Update Prometheus Alerts
  • OCPBUGS-2227 - VPA Operator not enabled in 4.12
  • OCPBUGS-3075 - [4.12] ovn-k network policy races
  • OCPBUGS-3111 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
  • OCPBUGS-3694 - [4.12] Router e2e: drop template.openshift.io apigroup dependency
  • OCPBUGS-3696 - Surface ClusterVersion RetrievedUpdates condition messages
  • OCPBUGS-3754 - Create Alertmanager silence form does not explain the new “Negative matcher” option
  • OCPBUGS-2998 - OCP 4.12 Driver Toolkit (DTK) mismatch in kernel package and node kernel versions
  • OCPBUGS-3398 - 4.12 backport: Unable to configure cluster-wide proxy
  • OCPBUGS-3464 - IBM operator needs deployment manifest fixes
  • OCPBUGS-3468 - Disable check_pkt_length in OVN-K for OvS Hardware Offload Cases
  • OCPBUGS-3479 - [4.12] Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
  • OCPBUGS-3483 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
  • OCPBUGS-3493 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
  • OCPBUGS-3503 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
  • OCPBUGS-3510 - Update cluster-authentication-operator not to go degraded without console
  • OCPBUGS-3557 - [4.12] provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
  • OCPBUGS-3571 - Placeholder bug for OCP 4.12.0 metadata release
  • OCPBUGS-3650 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
  • OCPBUGS-3663 - don’t enforce PSa in 4.12
  • OCPBUGS-1904 - CSI driver operators are degraded without “CSISnapshot” capability
  • OCPBUGS-3772 - Default for spec.to.weight missing from Route CRD schema
  • OCPBUGS-3523 - Operator attempts to render both GA and Tech Preview API Extensions
  • OCPBUGS-3658 - OVN-Kubernetes should not send IPs with leading zeros to OVN
  • OCPBUGS-3700 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
  • OCPBUGS-3763 - PTP operator: Use priority class node critical
  • OCPBUGS-3770 - cvo pod crashloop during bootstrap: featuregates: connection refused
  • OCPBUGS-3927 - “Error loading” when normal user check operands on All namespaces
  • OCPBUGS-3944 - Handle 0600 kubeconfig
  • OCPBUGS-3958 - [4.12] Use kernel-rt from ose repo
  • OCPBUGS-3966 - must-gather namespace should have “privileged” warn and audit pod security labels besides enforce
  • OCPBUGS-4001 - fix operator naming convention
  • OCPBUGS-4004 - Consistent e2e test failure: Events.Events: event view displays created pod
  • OCPBUGS-4043 - [2109965] oci hook Low-latency-hooks causing high container creation times under platform cpu load
  • OCPBUGS-4063 - Fails to deprovision cluster when swift omits ‘content-type’
  • OCPBUGS-4083 - CCM not able to remove a LB in ERROR state
  • OCPBUGS-4097 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
  • OCPBUGS-4112 - Remove autoscaling/v2beta2 in 4.12 and later
  • OCPBUGS-4116 - Re-enable pipeline CI tests
  • OCPBUGS-3307 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
  • OCPBUGS-3348 - 4.12: When adding nodes, the overlapped node-subnet can be allocated.
  • OCPBUGS-3406 - [gcp][CORS-1774] with both “id” and “project” specified for “privateDNSZone”, it seems installer doesn’t honor “project”
  • OCPBUGS-3437 - cloud-network-config-controller not using proxy settings of the management cluster
  • OCPBUGS-3455 - track `rhcos-4.12` branch for fedora-coreos-config submodule
  • OCPBUGS-3459 - Installer does not always add router CA to kubeconfig
  • OCPBUGS-3504 - [4.12] Incorrect network configuration in worker node with two interfaces
  • OCPBUGS-3515 - Need validation rule for supported arch
  • OCPBUGS-3519 - Assisted service should always use first matching mirror for release image
  • OCPBUGS-3520 - Install ends in preparing-failed due to container-images-available validation
  • OCPBUGS-3774 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
  • OCPBUGS-3780 - Route CRD validation behavior must be the same as openshift-apiserver behavior
  • OCPBUGS-3786 - Should show information on page if the upgrade to a target version doesn’t take effect.
  • OCPBUGS-3811 - Automation Offline CPUs Test cases
  • OCPBUGS-3837 - service account token secret reference
  • OCPBUGS-3851 - [4.12][Dual Stack] ovn-ipsec crashlooping due to cert signing issues
  • OCPBUGS-3874 - masters repeatedly losing connection to API and going NotReady
  • OCPBUGS-3875 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior
  • OCPBUGS-3878 - RouteTargetReference missing default for “weight” in Route CRD v1 schema
  • OCPBUGS-3884 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator
  • OCPBUGS-3889 - Egress router POD creation is failing while using openshift-sdn network plugin
  • OCPBUGS-3276 - Pin down dependencies on CMO release 4.12
  • OCPBUGS-4121 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue.
  • OCPBUGS-2635 - Ingress operator degraded during 3+1 deployment due to insufficient worker nodes
  • OCPBUGS-3055 - 4.12 backport: Wait-for install-complete did not exit upon completion.
  • OCPBUGS-3175 - CIRO unable to detect swift when it speaks HTTP2
  • OCPBUGS-3824 - [4.12] Ipsec pods restart due to liveness probes fail in cluster with more than 150 +
  • OCPBUGS-3871 - Container networking pods cannot access hosted network pods on another node in ipv6 single stack cluster
  • OCPBUGS-4339 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver
  • OCPBUGS-3333 - Console should be using v1 apiVersion for ConsolePlugin model
  • OCPBUGS-2896 - Refactor retry logic into a separate pkg
  • OCPBUGS-4292 - Backport specify resources.requests for operator pod
  • OCPBUGS-4303 - Backport Specify resources.requests for operator pod
  • OCPBUGS-4308 - sanitize agent-gather output
  • OCPBUGS-4311 - [4.12] Improve ironic logging configuration in metal3
  • OCPBUGS-3956 - CNO reporting incorrect status
  • OCPBUGS-4040 - Authentication operator doesn’t respond to console being enabled
  • OCPBUGS-4064 - Install failure in create-cluster-and-infraenv.service
  • OCPBUGS-4068 - Shouldn’t need to put host data in platform baremetal section in installconfig
  • OCPBUGS-4117 - Re-enable serverless CI tests
  • OCPBUGS-4118 - Kube-State-metrics pod fails to start due to panic
  • OCPBUGS-4183 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed
  • OCPBUGS-4193 - [4.12] etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded
  • OCPBUGS-4195 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down
  • OCPBUGS-4218 - highperformance irq balancing support causes the /etc/sysconfig/irqbalance to slowly grow unbounded
  • OCPBUGS-4223 - Fix tuning plugin vlan handling
  • OCPBUGS-4230 - CNCC: Wrong log format for Azure locking
  • OCPBUGS-4234 - Updating ose-cloud-network-config-controller images to be consistent with ART
  • OCPBUGS-4235 - Updating ose-cloud-network-config-controller images to be consistent with ART
  • OCPBUGS-4250 - Backport PodNetworkConnectivityCheck for must-gather
  • OCPBUGS-3798 - [4.12] Bump OVS control plane to get “ovsdb/transaction.c: Refactor assess_weak_refs.”
  • OCPBUGS-1994 - Unrevert needed for jsonnet deps update PR
  • OCPBUGS-3249 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
  • OCPBUGS-3378 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
  • OCPBUGS-3390 - [release-4.12] 4.11 SNOs fail to complete install because of “failed to get pod annotation: timed out waiting for annotations: context deadline exceeded”
  • OCPBUGS-3397 - Avoid re-metric’ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
  • OCPBUGS-3442 - Datastore name is too long
  • OCPBUGS-4505 - [4.12] Pod stuck in containerCreating state when the node on which it is running is Terminated
  • OCPBUGS-4526 - hypershift: csi-snapshot-controller uses wrong kubeconfig
  • OCPBUGS-4527 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig
  • OCPBUGS-4544 - Remove debug level logging on openshift-config-operator
  • OCPBUGS-4554 - [4.12] OVN silently failing in case of a stuck pod
  • OCPBUGS-4660 - Debug log messages missing from output and Info messages malformed
  • OCPBUGS-4251 - HyperShift control plane operators have wrong priorityClass
  • OCPBUGS-4299 - Backport Specify resources.requests for operator pod
  • OCPBUGS-4342 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure
  • OCPBUGS-4356 - Reply packet for DNS conversation to service IP uses pod IP as source
  • OCPBUGS-4361 - [release-4.12] bp ovnkube-trace changes to 4.12
  • OCPBUGS-4365 - `oc-mirror` will hit error when using docker without a namespace for OCI format mirror
  • OCPBUGS-4366 - Update Kubernetes to 1.25.4
  • OCPBUGS-4369 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
  • OCPBUGS-4379 - apply retry logic to ovnk-node controllers
  • OCPBUGS-4397 - Route/v1 defaulting for target kind and termination must be sharable between openshift-apiserver and kube-apiserver
  • OCPBUGS-4399 - Adding back SKIP_INTERFACES
  • OCPBUGS-4421 - Dockerfile for building ironic-image for OKD does not take into account variant scos
  • OCPBUGS-4422 - Implement LIST call chunking in openshift-sdn
  • OCPBUGS-4431 - KubePodNotReady - Increase Tolerance During Master Node Restarts
  • OCPBUGS-4453 - metal-ipi upgrade success rate dropped 30+% in last week
  • OCPBUGS-4458 - Node Terminal tab results in error
  • OCPBUGS-4479 - [4.12] Dockerfile for building ironic-image for OKD does not take into account variant scos
  • OCPBUGS-4484 - `oc-mirror` will hit error when using docker without a namespace for OCI format mirror
  • OCPBUGS-4488 - Prometheus and Alertmanager incorrect ExternalURL configured
  • OCPBUGS-4489 - Prometheus continuously restarts due to slow WAL replay
  • OCPBUGS-4499 - CSR are generated with incorrect Subject Alternate Names
  • OCPBUGS-4504 - Default to floating automaticRestart for new GCP instances
  • OCPBUGS-4199 - route-controller-manager not creating routes in 4.12
  • OCPBUGS-4627 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8
  • OCPBUGS-3841 - Remove flowcontrol/v1beta1 release manifests in 4.12 and later
  • OCPBUGS-4048 - Prometheus doesn’t reload TLS certificate and key files on disk
  • OCPBUGS-2927 - CI jobs are failing with: admission webhook “validation.csi.vsphere.vmware.com” denied the request
  • OCPBUGS-4414 - [OCI feature] registries.conf support in oc mirror
  • OCPBUGS-4840 - [4.12] The property TransferProtocolType is required for VirtualMedia.InsertMedia
  • OCPBUGS-4884 - [4.12] Pods completed + deleted may leak
  • OCPBUGS-4911 - [Azure]Availability Set will be created when vmSize is invalid in a region which has zones
  • OCPBUGS-4951 - OLM K8s Dependencies should be at 1.25
  • OCPBUGS-4547 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]
  • OCPBUGS-4599 - Bump samples operator k8s dep to 1.25.2 for 4.12
  • OCPBUGS-4601 - `oc-mirror` does not work as expected with a relative path for OCI format copy
  • OCPBUGS-4637 - Support RHOBS monitoring for HyperShift in CNO
  • OCPBUGS-4653 - [4.12] Fixes for RHCOS 9 based on RHEL 9.0
  • OCPBUGS-4667 - vsphere-hostname should check that /etc/hostname is not empty
  • OCPBUGS-4681 - [release-4.12] remove unnecessary RBAC in KCM
  • OCPBUGS-4698 - Some nmstate validations are skipped when NM config is in agent-config.yaml
  • OCPBUGS-4721 - GCP: missing me-west1 region
  • OCPBUGS-4760 - [4.12] Network Policy executes duplicate transactions for every pod update
  • OCPBUGS-4766 - limit cluster-policy-controller RBAC permissions
  • OCPBUGS-4779 - Update openshift/builder release-4.12 to go1.19
  • OCPBUGS-4783 - [4.12] egressIP annotations not present on OpenShift on Openstack multiAZ installation
  • OCPBUGS-4784 - [4.12] egressIP annotation including two interfaces when multiple networks
  • OCPBUGS-4796 - OLM generates invalid component selector labels
  • OCPBUGS-4803 - Update formatting with gofmt for go1.19
  • OCPBUGS-4805 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting
  • OCPBUGS-4808 - Use shared library in admission to default Routes served via CRD
  • OCPBUGS-4837 - [4.12] Pod LSP missing from PortGroup
  • OCPBUGS-3890 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install
  • OCPBUGS-3930 - Local Storage Operator (LSO) not available in OperatorHub for OCP 4.12 on Z ec.5 and rc.0 builds
  • OCPBUGS-4503 - [4.12] [OVNK] Add support for service session affinity timeout
  • OCPBUGS-2052 - [4.12] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
  • OCPBUGS-4286 - [4.12] ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update
  • OCPBUGS-4407 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
  • OCPBUGS-3639 - The architecture field in sig image definition for hyperVGeneration V1 needs to match rhcos_image architecture
  • OCPBUGS-4035 - Topology gets stuck loading
  • OCPBUGS-4189 - Route CRD vs. OCP defaulting disparity
  • OCPBUGS-3037 - [apiserver-auth] default SCC restricted allow volumes don’t have “ephemeral” caused deployment with Generic Ephemeral Volumes stuck at Pending
  • OCPBUGS-4098 - [4.12] Egress IP Health Check Is Not Compatible With VF (Hardware Backed) Management Port
  • OCPBUGS-4686 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS
  • OCPBUGS-4696 - [4.12] SNO not able to bring up Provisioning resource in 4.11.17
  • OCPBUGS-4763 - Revert Catalog PSA decisions for 4.13 (Marketplace)
  • OCPBUGS-5100 - virtual media provisioning fails when iLO Ironic driver is used
  • OCPBUGS-3881 - Revert Catalog PSA decisions for 4.12
  • OCPBUGS-4013 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ‘+’ or ‘-’, it can’t be changed by typing in it.
  • OCPBUGS-3311 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error “alicloud: unable to split instanceid and region from providerID”
  • OCPBUGS-4362 - Hard eviction thresholds is different with k8s default when PAO is enabled
  • OCPBUGS-2152 - RHCOS VM fails to boot on IBM Power (ppc64le) - 4.12
  • OCPBUGS-2995 - [4.12] Unable to gather OpenStack console logs since kernel cmd line has no console args
  • OCPBUGS-2997 - [4.12] Bootimage bump tracker
  • OCPBUGS-4789 - [OCP 4.12] ironic container images have old packages
  • OCPBUGS-4847 - OnDelete update strategy create two replace machines when deleting a master machine
  • OCPBUGS-4869 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener
  • OCPBUGS-5019 - Fails to deprovision cluster when swift omits ‘content-type’ and there are empty containers
  • OCPBUGS-5067 - [4.12] coreos-installer output not available in the logs
  • OCPBUGS-4897 - Developer Topology always blanks with large contents when first rendering
  • OCPBUGS-4943 - Need to wait longer for VM to obtain IP from DHCP
  • OCPBUGS-5072 - [4.12] ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged
  • OCPBUGS-5143 - provisioning on ilo4-virtualmedia BMC driver fails with error: “Creating vfat image failed: Unexpected error while running command”
  • OCPBUGS-5156 - [release-4.12] Azure: unable to configure EgressIP if an ASG is set
  • OCPBUGS-5185 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX
  • OCPBUGS-5190 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
  • OCPBUGS-5191 - Add support for API version v1beta1 for knativeServing and knativeEventing
  • OCPBUGS-5253 - Missing ‘ImageContentSourcePolicy’ and ‘CatalogSource’ in the oci fbc feature implementation
  • OCPBUGS-5289 - Multus: Interface name contains an invalid character / [ocp 4.12]
  • OCPBUGS-4383 - Don’t log in iterateRetryResources when there are no retry entries
  • OCPBUGS-4478 - Backport: Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters
  • OCPBUGS-4533 - [release-4.12] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
  • OCPBUGS-4649 - No indication of early installation failures
  • OCPBUGS-5387 - EUS upgrade: rpm-ostree clean up timeout was reached
  • OCPBUGS-3293 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
  • OCPBUGS-3379 - [release-4.12] CephCluster and StorageCluster resources use the same paths
  • OCPBUGS-3899 - [2035720] [IPI on Alibabacloud] deploying a private cluster by ‘publish: Internal’ failed due to ‘dns_public_record’
  • OCPBUGS-5417 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.
  • OCPBUGS-4962 - openshift-install agent wait-for install-complete errors out before the cluster installation completes
  • OCPBUGS-3651 - DaemonSet “/openshift-network-diagnostics/network-check-target” is not available
  • OCPBUGS-5455 - Baremetal host data is still sometimes required
  • OCPBUGS-5474 - [4.12]Default CatalogSource aren’t created in restricted mode
  • OCPBUGS-5384 - Old AWS boot images vs. 4.12: unknown provider ‘ec2’
  • OCPBUGS-5442 - Placeholder bug for OCP 4.12.0 microshift release
  • OCPBUGS-5444 - Reported vSphere Connection status is misleading

CVEs

  • CVE-2021-4235
  • CVE-2021-22570
  • CVE-2021-38561
  • CVE-2022-1705
  • CVE-2022-2879
  • CVE-2022-2880
  • CVE-2022-2995
  • CVE-2022-3162
  • CVE-2022-3172
  • CVE-2022-3259
  • CVE-2022-3466
  • CVE-2022-21698
  • CVE-2022-24302
  • CVE-2022-27664
  • CVE-2022-30631
  • CVE-2022-32148
  • CVE-2022-32189
  • CVE-2022-32190
  • CVE-2022-41316
  • CVE-2022-41715
  • CVE-2022-42010
  • CVE-2022-42011
  • CVE-2022-42012
  • CVE-2022-42898
  • CVE-2023-0296

Affected products and architectures (packages are listed per product as SRPM plus the binary architecture):

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9: SRPM, x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8: SRPM, x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9: SRPM, ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8: SRPM, ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9: SRPM, s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8: SRPM, s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9: SRPM, aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8: SRPM, aarch64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF) · Issue #112513 · kubernetes/kubernetes

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

CVE-2022-3466

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.

Red Hat Security Advisory 2023-4674-01

Red Hat Security Advisory 2023-4674-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.30.

Red Hat Security Advisory 2023-4488-01

Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

GHSA-9mh8-9j64-443f: HashiCorp Vault's revocation list not respected

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

Red Hat Security Advisory 2023-3915-01

Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.

RHSA-2023:3915: Red Hat Security Advisory: OpenShift Container Platform 4.11.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...

RHSA-2023:3615: Red Hat Security Advisory: OpenShift Container Platform 4.12.22 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

Red Hat Security Advisory 2023-3609-01

Red Hat Security Advisory 2023-3609-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3609: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.4 security and Bug Fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.4 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties.

RHSA-2023:3541: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

RHSA-2023:3296: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates

Multicluster Engine for Kubernetes 2.2.4 General Availability release images are now available; they fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...

RHSA-2023:3216: Red Hat Security Advisory: OpenShift Container Platform 4.10.60 packages and security update

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:0584: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...

Red Hat Security Advisory 2023-1325-01

Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

Red Hat Security Advisory 2023-1328-01

Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-1326-01

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

RHSA-2023:3204: Red Hat Security Advisory: OpenShift Virtualization 4.13.0 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown. * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language pack...

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

Red Hat Security Advisory 2023-1327-01

Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.

Red Hat Security Advisory 2023-2802-01

Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.

RHSA-2023:2780: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, ...

RHSA-2023:2204: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, ...

RHSA-2023:2193: Red Hat Security Advisory: butane security, bug fix, and enhancement update

An update for butane is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown. * CVE-2022-32189: An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode an...

Red Hat Security Advisory 2023-2041-01

Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.1.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...

Red Hat Security Advisory 2023-1656-01

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Red Hat Security Advisory 2023-1655-01

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

RHSA-2023:1655: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected acti...

Red Hat Security Advisory 2023-1529-01

Red Hat Security Advisory 2023-1529-01 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-1448-01

Red Hat Security Advisory 2023-1448-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-1275-01

Red Hat Security Advisory 2023-1275-01 - An update for etcd is now available for Red Hat OpenStack Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:1275: Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by rev...

Red Hat Security Advisory 2023-1174-01

Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:1174: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic. * CVE-2022...

Red Hat Security Advisory 2023-1079-01

Red Hat Security Advisory 2023-1079-01 - An update for osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2 (Train).

RHSA-2023:1042: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)

An update for the Custom Metrics Autoscaler Operator for Red Hat OpenShift is now available, including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-1962: A flaw was found in the golang standard library, go/par...
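
Both CVE-2022-1705 entries above (this advisory and the etcd one) describe the same weakness: an HTTP/1 implementation that treats a malformed Transfer-Encoding value as "chunked" while another hop in the request path reads it differently, which is the precondition for request smuggling. The Go program below is an added example written for this page, not code from Go's net/http or from any Red Hat component. It shows a strict framing check of the kind a Go reverse proxy or middleware can run before trusting a request body: Transfer-Encoding must be exactly the token chunked (case-insensitive, as HTTP tokens are), it must not appear twice, and it must not be combined with Content-Length. The policy is deliberately stricter than the RFC minimum (it also refuses legitimate multi-coding values such as gzip, chunked), which is the trade-off a smuggling-resistant edge usually makes. The header sets in main are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Errors returned by CheckFraming. A hop that sees any of them should answer
// 400 and close the connection rather than forward the message.
var (
	ErrBothFraming = errors.New("Transfer-Encoding and Content-Length both present")
	ErrMultipleTE  = errors.New("more than one Transfer-Encoding header line")
	ErrBadTEToken  = errors.New("Transfer-Encoding is not exactly the token chunked")
)

// CheckFraming decides whether an HTTP/1 header block has unambiguous body
// framing. Policy, deliberately stricter than RFC 9112 requires:
//   - Transfer-Encoding and Content-Length never appear together.
//   - At most one Transfer-Encoding line, carrying exactly one coding.
//   - That coding is the bare token "chunked" (ASCII case-insensitive); only
//     SP and HTAB padding around it is tolerated. Any other byte, including
//     control characters or a second coding, is a rejection.
// It returns (chunked, err): chunked reports whether the body is chunked.
func CheckFraming(h http.Header) (bool, error) {
	te := h.Values("Transfer-Encoding")
	if len(te) == 0 {
		return false, nil // framing comes from Content-Length, or there is no body
	}
	if len(h.Values("Content-Length")) > 0 {
		return false, ErrBothFraming
	}
	if len(te) != 1 {
		return false, ErrMultipleTE
	}
	// Trim only SP and HTAB; a \r, \n, \v or similar stays in place and fails
	// the comparison below instead of being silently normalised away.
	if !strings.EqualFold(strings.Trim(te[0], " \t"), "chunked") {
		return false, ErrBadTEToken
	}
	return true, nil
}

// mk builds an http.Header from alternating key/value arguments.
func mk(kv ...string) http.Header {
	h := http.Header{}
	for i := 0; i+1 < len(kv); i += 2 {
		h.Add(kv[i], kv[i+1])
	}
	return h
}

func main() {
	// Constructed header sets for the demonstration, not captured traffic.
	cases := []struct {
		name string
		hdr  http.Header
	}{
		{"plain chunked", mk("Transfer-Encoding", "chunked")},
		{"case variant", mk("Transfer-Encoding", "Chunked")},
		{"TE and CL together", mk("Transfer-Encoding", "chunked", "Content-Length", "5")},
		{"extra coding", mk("Transfer-Encoding", "gzip, chunked")},
		{"control byte in value", mk("Transfer-Encoding", "\x0bchunked")},
		{"two TE lines", mk("Transfer-Encoding", "chunked", "Transfer-Encoding", "chunked")},
		{"Content-Length only", mk("Content-Length", "12")},
	}
	for _, c := range cases {
		chunked, err := CheckFraming(c.hdr)
		fmt.Printf("%-24s chunked=%-5v err=%v\n", c.name, chunked, err)
	}
}
```

The check runs on the parsed header map, so it belongs in front of any code that decides how much body to read or forward; it cannot repair a parser that has already accepted the malformed value. Upgrading Go remains the fix for the client-side bug the advisory lists.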

CVE-2022-3162: CVE-2022-3162: Unauthorized read of Custom Resources · Issue #113756 · kubernetes/kubernetes

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true:

1. There are 2+ CustomResourceDefinitions sharing the same API group.
2. Users have cluster-wide list or watch authorization on one of those custom resources.
3. The same users are not authorized to read another custom resource in the same API group.
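
The three conditions above can be evaluated from the cluster's own RBAC and CRD objects without exercising the flaw. The Go program below is an added example written for this page, not a tool from the Kubernetes project or from Red Hat. It reads the mixed list that `kubectl get crd,clusterroles,clusterrolebindings -o json` produces, groups CRDs by API group (condition 1), finds subjects whose ClusterRoleBindings grant list or watch on one of those resources cluster-wide (condition 2), and reports every sibling resource in the same group that the same subject may not get, list or watch (condition 3). The embedded sample list, the apps.example.com and other.example.com groups, and the role and subject names are constructed for the demonstration; a real check would feed it kubectl's output instead. RoleBindings are ignored on purpose, since they grant namespace scope only. The check tells you whether a cluster meets the preconditions; the fix remains upgrading to a patched kube-apiserver as the advisories on this page describe.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Item is a minimal projection of one element of the mixed list that
// `kubectl get crd,clusterroles,clusterrolebindings -o json` emits. encoding/json
// matches names case-insensitively, so no tags are needed; fields that do not
// apply to a given kind simply stay empty.
type Item struct {
	Kind     string
	Metadata struct{ Name string }
	Spec     struct {
		Group string
		Names struct{ Plural string }
	}
	Rules    []Rule
	RoleRef  struct{ Name string }
	Subjects []struct{ Kind, Name, Namespace string }
}

type Rule struct{ APIGroups, Resources, Verbs []string }

// Finding: Subject may list/watch Authorized cluster-wide but may not read
// Exposed, and both CRDs share Group, so all three advisory conditions hold.
type Finding struct{ Subject, Group, Authorized, Exposed string }

// has matches one RBAC list entry, honouring the "*" wildcard.
func has(list []string, want string) bool {
	for _, v := range list {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// allows reports whether any rule grants one of verbs on group/resource.
func allows(rules []Rule, group, resource string, verbs ...string) bool {
	for _, r := range rules {
		for _, v := range verbs {
			if has(r.APIGroups, group) && has(r.Resources, resource) && has(r.Verbs, v) {
				return true
			}
		}
	}
	return false
}

// FindExposures evaluates ClusterRoleBindings only (a RoleBinding to a ClusterRole
// grants namespace scope and cannot satisfy condition 2) and unions each subject's
// rules across all of its bindings before checking the three conditions.
func FindExposures(listJSON string) ([]Finding, error) {
	var list struct{ Items []Item }
	if err := json.Unmarshal([]byte(listJSON), &list); err != nil {
		return nil, err
	}
	byGroup, rulesOf, perSubject := map[string][]string{}, map[string][]Rule{}, map[string][]Rule{}
	for _, it := range list.Items { // pass 1: CRDs per API group, rules per ClusterRole
		switch it.Kind {
		case "CustomResourceDefinition":
			byGroup[it.Spec.Group] = append(byGroup[it.Spec.Group], it.Spec.Names.Plural)
		case "ClusterRole":
			rulesOf[it.Metadata.Name] = it.Rules
		}
	}
	for _, it := range list.Items { // pass 2: union of rules per bound subject
		if it.Kind != "ClusterRoleBinding" {
			continue
		}
		for _, s := range it.Subjects {
			// Subjects are keyed kind:namespace/name; cluster-scoped kinds have an empty namespace.
			key := fmt.Sprintf("%s:%s/%s", s.Kind, s.Namespace, s.Name)
			perSubject[key] = append(perSubject[key], rulesOf[it.RoleRef.Name]...)
		}
	}
	var out []Finding
	for subj, rules := range perSubject {
		for group, plurals := range byGroup {
			for _, a := range plurals {
				if len(plurals) < 2 || !allows(rules, group, a, "list", "watch") { // conditions 1 and 2
					continue
				}
				for _, e := range plurals {
					if e != a && !allows(rules, group, e, "get", "list", "watch") { // condition 3
						out = append(out, Finding{subj, group, a, e})
					}
				}
			}
		}
	}
	sort.Slice(out, func(i, j int) bool { return fmt.Sprint(out[i]) < fmt.Sprint(out[j]) })
	return out, nil
}

// Constructed sample list for the demonstration, not data from a real cluster.
const sampleList = `{"kind":"List","items":[
 {"kind":"CustomResourceDefinition","spec":{"group":"apps.example.com","names":{"plural":"widgets"}}},
 {"kind":"CustomResourceDefinition","spec":{"group":"apps.example.com","names":{"plural":"credentialsyncs"}}},
 {"kind":"CustomResourceDefinition","spec":{"group":"other.example.com","names":{"plural":"gadgets"}}},
 {"kind":"ClusterRole","metadata":{"name":"widget-viewer"},"rules":[{"apiGroups":["apps.example.com"],"resources":["widgets"],"verbs":["get","list","watch"]}]},
 {"kind":"ClusterRole","metadata":{"name":"apps-reader"},"rules":[{"apiGroups":["apps.example.com"],"resources":["*"],"verbs":["get","list","watch"]}]},
 {"kind":"ClusterRoleBinding","roleRef":{"name":"widget-viewer"},"subjects":[{"kind":"ServiceAccount","name":"dashboard","namespace":"monitoring"}]},
 {"kind":"ClusterRoleBinding","roleRef":{"name":"apps-reader"},"subjects":[{"kind":"Group","name":"platform-admins"}]}]}`

func main() {
	findings, err := FindExposures(sampleList)
	fmt.Println(findings, err)
}
```

On the sample data the only finding is the monitoring/dashboard service account: it may list widgets cluster-wide, has no read access to credentialsyncs, and both live in apps.example.com. The platform-admins group is not reported because its wildcard resource rule already grants read on every CRD in the group, and other.example.com is skipped because it holds a single CRD.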

RHSA-2023:0890: Red Hat Security Advisory: OpenShift Container Platform 4.12.5 security update

Red Hat OpenShift Container Platform release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to cra...

Red Hat Security Advisory 2023-0918-01

Red Hat Security Advisory 2023-0918-01 - Service Binding manages the data plane for applications and backing services.

RHSA-2023:0774: Red Hat Security Advisory: OpenShift Container Platform 4.11.28 security update

Red Hat OpenShift Container Platform release 4.11.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...

Red Hat Security Advisory 2023-0772-01

Red Hat Security Advisory 2023-0772-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.12.4.

RHSA-2023:0772: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat build of MicroShift release 4.12.4 is now available with updates to packages and images that fix several bugs. This release includes a security update for the Red Hat build of MicroShift 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3162: A flaw was found in kubernetes. Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different kind in the same API group they are not authorized to read...

RHSA-2023:0769: Red Hat Security Advisory: OpenShift Container Platform 4.12.4 security update

Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total numb...

Red Hat Security Advisory 2023-0727-01

Red Hat Security Advisory 2023-0727-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.3.

Red Hat Security Advisory 2023-0794-01

Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:0794: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.4 bug fixes and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.6.4 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload i...

Red Hat Security Advisory 2023-0574-01

Red Hat Security Advisory 2023-0574-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.55. Issues addressed include a bypass vulnerability.

RHSA-2023:0574: Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update

Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue ...
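
CVE-2021-4238, listed in this advisory and in RHSA-2023:0774 above, is an entropy-loss bug rather than a crash: a random alphanumeric string that is guaranteed to contain a digit has fewer possible values than one drawn uniformly from the 62-character alphabet, and the loss matters whenever such strings are used as tokens, passwords or secrets. The Go program below is an added example written for this page, not goutils' code. FlawedAlphaNumeric is a hypothetical reconstruction that reproduces only the property the advisory states (at least one digit in every output), not goutils' actual mechanism; SecureAlphaNumeric shows the usual correct construction (crypto/rand with big.Int-bounded indices, so there is no modulo bias either); CountNoDigit is a black-box statistical check that tells the two apart without reading their source; Bits gives the entropy a practitioner should expect from a correct generator.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

const (
	digits   = "0123456789"
	letters  = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	alphanum = digits + letters // 62 symbols
)

// randIndex returns a uniformly distributed index in [0, n) from crypto/rand.
// Bounding through big.Int avoids the modulo bias of `randomByte % n`.
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // a failing system CSPRNG is not something to paper over
	}
	return int(v.Int64())
}

// FlawedAlphaNumeric is a hypothetical reconstruction of the property the
// advisory describes, not goutils' code: every output contains at least one
// digit, here because position 0 is always drawn from digits alone. That one
// forced digit costs log2(62) - log2(10), about 2.6 bits, per string.
func FlawedAlphaNumeric(n int) string {
	var b strings.Builder
	for i := 0; i < n; i++ {
		if i == 0 {
			b.WriteByte(digits[randIndex(len(digits))])
		} else {
			b.WriteByte(alphanum[randIndex(len(alphanum))])
		}
	}
	return b.String()
}

// SecureAlphaNumeric draws every position independently and uniformly from
// the full alphabet, so each character carries log2(62), about 5.95 bits.
func SecureAlphaNumeric(n int) string {
	var b strings.Builder
	for i := 0; i < n; i++ {
		b.WriteByte(alphanum[randIndex(len(alphanum))])
	}
	return b.String()
}

// Bits is the entropy in bits of an n-character string drawn uniformly from an
// alphabet of k symbols: n * log2(k).
func Bits(n, k int) float64 { return float64(n) * math.Log2(float64(k)) }

// CountNoDigit is a black-box check: it generates trials strings of length n
// with gen and counts those containing no digit. A uniform generator produces
// about (52/62)^n of them; a generator that forces a digit produces none.
func CountNoDigit(gen func(int) string, n, trials int) int {
	count := 0
	for i := 0; i < trials; i++ {
		if !strings.ContainsAny(gen(n), digits) {
			count++
		}
	}
	return count
}

func main() {
	const n, trials = 8, 5000
	expect := float64(trials) * math.Pow(52.0/62.0, float64(n))
	fmt.Printf("uniform %d-char alphanumeric: %.1f bits\n", n, Bits(n, len(alphanum)))
	fmt.Printf("flawed generator: %d of %d strings without a digit\n", CountNoDigit(FlawedAlphaNumeric, n, trials), trials)
	fmt.Printf("secure generator: %d of %d strings without a digit (expected about %.0f)\n", CountNoDigit(SecureAlphaNumeric, n, trials), trials, expect)
}
```

The statistical check is the part worth keeping: it can be pointed at any third-party generator (via the gen parameter) to confirm that digit-free outputs occur at roughly the expected rate before that generator is trusted for secrets.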

Red Hat Security Advisory 2023-0708-01

Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

Red Hat Security Advisory 2023-0569-01

Red Hat Security Advisory 2023-0569-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-0570-01

Red Hat Security Advisory 2023-0570-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.

RHSA-2023:0569: Red Hat Security Advisory: OpenShift Container Platform 4.12.2 security update

Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. * CVE-2021-4238: A f...

RHSA-2023:0570: Red Hat Security Advisory: OpenShift Container Platform 4.12.2 security update

Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
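
CVE-2022-2880, which appears in most of the advisories on this page, concerns httputil.ReverseProxy forwarding the inbound raw query verbatim, so parameters that net/http itself refuses to parse (a pair containing a semicolon, or a malformed percent-escape) still reach the backend, which may parse them differently from the Go frontend. The Go program below is an added example written for this page, not the standard library's fix. CleanQuery removes exactly the pairs url.ParseQuery rejects and leaves well-formed queries untouched; NewCleaningProxy wires it into a single-host proxy's Director so the upstream sees only what the Go frontend accepted. The upstream URL and the sample query strings are constructed for the demonstration. Upgrading Go remains the real fix; this shows what the patched behaviour protects against.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// isHex reports whether c is an ASCII hexadecimal digit.
func isHex(c byte) bool {
	return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F')
}

// CleanQuery returns rawQuery with every key/value pair that url.ParseQuery
// would reject removed. Two classes of pair are dropped: pairs containing a ';'
// (Go no longer treats semicolons as separators and reports them as an error)
// and pairs with a malformed percent-escape. A query containing neither is
// returned byte-for-byte, so parameter order and escaping are preserved for
// well-formed requests and only suspicious ones get re-encoded.
func CleanQuery(rawQuery string) string {
	for i := 0; i < len(rawQuery); {
		switch rawQuery[i] {
		case ';':
			return reencode(rawQuery)
		case '%':
			if i+2 >= len(rawQuery) || !isHex(rawQuery[i+1]) || !isHex(rawQuery[i+2]) {
				return reencode(rawQuery)
			}
			i += 3
		default:
			i++
		}
	}
	return rawQuery
}

// reencode keeps only the pairs ParseQuery accepted. ParseQuery returns the
// parsable pairs alongside its error, which is exactly the subset wanted here.
func reencode(rawQuery string) string {
	v, _ := url.ParseQuery(rawQuery)
	return v.Encode() // sorted by key, canonically escaped
}

// NewCleaningProxy wraps a single-host reverse proxy so the upstream never sees
// query pairs that this Go frontend itself refused to parse.
func NewCleaningProxy(upstream *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(upstream)
	inner := p.Director
	p.Director = func(req *http.Request) {
		inner(req) // rewrites scheme, host and path to the upstream
		req.URL.RawQuery = CleanQuery(req.URL.RawQuery)
	}
	return p
}

func main() {
	// Constructed inbound query strings for the demonstration.
	for _, q := range []string{
		"page=2&sort=name",            // well formed: passed through untouched
		"page=2;admin=true&sort=name", // semicolon pair: dropped
		"token=%zz&page=2",            // malformed escape: dropped
		"a=1&b=%41",                   // valid escape: untouched, %41 is not decoded
	} {
		fmt.Printf("%-32q -> %q\n", q, CleanQuery(q))
	}
}
```

Note the asymmetry: a clean query is forwarded unchanged, but once anything suspicious is found the whole query is re-encoded through url.Values, which sorts keys and normalises escapes. That is acceptable for a security boundary, and it is also why the fast path exists: most traffic never hits it.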

CSAF VEX documents now generally available

In June 2022, we started publishing CSAF advisory files (https://www.redhat.com/en/blog/common-security-advisory-framework-csaf-beta-files-now-available) in their beta format, hoping to gather feedback from customers, partners, and the security community. With your input we worked on improving the final version of the files, and they are now ready for public consumption in production use cases at https://access.redhat.com/security/data/csaf/v2/advisories/

Red Hat Security Advisory 2023-0542-01

Red Hat Security Advisory 2023-0542-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Issues addressed include denial of service and spoofing vulnerabilities.

RHSA-2023:0542: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update

Red Hat OpenShift Service Mesh 2.3.1 Containers. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-3962: kiali: error message spoofing in kiali UI * CVE-2022-27664: golang: ...

Red Hat Security Advisory 2023-0468-01

Red Hat Security Advisory 2023-0468-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Red Hat Security Advisory 2023-0466-01

Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Red Hat Security Advisory 2023-0467-01

Red Hat Security Advisory 2023-0467-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a bypass vulnerability.

RHSA-2023:0470: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes (v1.0.1). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42920: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

Red Hat Security Advisory 2023-0446-01

Red Hat Security Advisory 2023-0446-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Red Hat Security Advisory 2023-0445-01

Red Hat Security Advisory 2023-0445-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

RHSA-2023:0446: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

RHSA-2023:0445: Red Hat Security Advisory: go-toolset-1.18 security update

An update for go-toolset-1.18 and go-toolset-1.18-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

Red Hat Security Advisory 2023-0241-01

Red Hat Security Advisory 2023-0241-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.50.

RHSA-2023:0241: Red Hat Security Advisory: OpenShift Container Platform 4.10.50 bug and security update

Red Hat OpenShift Container Platform release 4.10.50 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

RHSA-2023:0328: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps

Red Hat Security Advisory 2023-0069-01

Red Hat Security Advisory 2023-0069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.24.

Red Hat Security Advisory 2023-0264-01

Red Hat Security Advisory 2023-0264-01 - An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

RHSA-2023:0069: Red Hat Security Advisory: OpenShift Container Platform 4.11.24 bug and security update

Red Hat OpenShift Container Platform release 4.11.24 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

RHSA-2023:0264: Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update

An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server error...

Red Hat Security Advisory 2022-7399-01

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7398-02

Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.

CVE-2023-0296: Invalid Bug ID

The birthday attack against 64-bit block ciphers (SWEET32, CVE-2016-2183) was reported against the health check port (9979) of the etcd grpc-proxy component. Although CVE-2016-2183 had already been fixed in the etcd components, a new port (9979) had to be opened on etcd grpc-proxy to allow periodic health checks from the kubelet, and that port remained exposed to the same class of weakness. The health check endpoint on etcd grpc-proxy serves only metrics data and no sensitive data, so the potential impact of this vulnerability is minimal. CVE-2023-0296 was assigned to this issue to track the permanent fix in the etcd component.
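
The exposure described above is a TLS configuration problem: a listener that still negotiates a 3DES (64-bit block) cipher suite. The Go program below is an added example written for this page, not etcd or grpc-proxy code. It shows how a Go service that exposes a health or metrics port excludes such suites from its tls.Config, and how to audit an existing suite list for them. The "legacy" suite list in main is constructed for the before/after comparison.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Is64BitBlockCipher reports whether a suite name uses a 64-bit block cipher.
// 3DES is the only such cipher Go's crypto/tls has ever shipped; the SWEET32
// birthday bound (about 2^32 blocks) applies to it regardless of key length.
func Is64BitBlockCipher(suiteName string) bool {
	return strings.Contains(suiteName, "3DES")
}

// HardenedSuites returns the TLS 1.2 suite IDs Go currently classifies as
// secure, minus any 64-bit block cipher. TLS 1.3 suites are not configurable
// in crypto/tls and contain no such cipher, so they need no filtering.
func HardenedSuites() []uint16 {
	var ids []uint16
	for _, cs := range tls.CipherSuites() {
		if !Is64BitBlockCipher(cs.Name) {
			ids = append(ids, cs.ID)
		}
	}
	return ids
}

// Offending returns the names of the configured suite IDs that use a 64-bit
// block cipher. It consults both the secure and the insecure list so the
// answer does not depend on which list a given Go release files 3DES under.
func Offending(ids []uint16) []string {
	names := map[uint16]string{}
	for _, list := range [][]*tls.CipherSuite{tls.CipherSuites(), tls.InsecureCipherSuites()} {
		for _, cs := range list {
			names[cs.ID] = cs.Name
		}
	}
	var out []string
	for _, id := range ids {
		if name, ok := names[id]; ok && Is64BitBlockCipher(name) {
			out = append(out, name)
		}
	}
	return out
}

// ServerConfig is the listener configuration a health or metrics endpoint
// would use: TLS 1.2 minimum and an explicit suite list with no 3DES.
func ServerConfig() *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		CipherSuites: HardenedSuites(),
	}
}

func main() {
	// Constructed legacy suite list that still carries 3DES, for a before/after.
	legacy := []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	}
	fmt.Println("legacy list offends with:  ", Offending(legacy))
	fmt.Println("hardened list offends with:", Offending(ServerConfig().CipherSuites))
	for _, id := range HardenedSuites() {
		fmt.Printf("  0x%04x %s\n", id, tls.CipherSuiteName(id))
	}
}
```

From the outside, the same property can be checked against a running port with openssl, for example `openssl s_client -connect HOST:9979 -tls1_2 -cipher 'DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA'`: a completed handshake means the endpoint still accepts a 64-bit block cipher, a handshake failure means it does not.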

RHSA-2022:7398: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...

Red Hat Security Advisory 2023-0096-01

Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

GHSA-r88r-gmrh-7j83: YAML Go package vulnerable to denial of service

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235: Add logic to catch cases of alias abuse. · go-yaml/yaml@bb4e33b

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-38561

golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.

Red Hat Security Advisory 2022-8893-01

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

RHSA-2022:8893: Red Hat Security Advisory: OpenShift Container Platform 4.11.20 security update

Red Hat OpenShift Container Platform release 4.11.20 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

Red Hat Security Advisory 2022-8977-01

Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

RHSA-2022:9029: Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.5.3-3]

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

Red Hat Security Advisory 2022-8964-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and the rh-sso-7/sso7-rhel8-operator operator have been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

RHSA-2022:8977: Red Hat Security Advisory: dbus security update

An update for dbus is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...

RHSA-2022:8938: Red Hat Security Advisory: Release of OpenShift Serverless 1.26.0

Release of OpenShift Serverless 1.26.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

CVE-2022-41296: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

CVE-2022-3259: Invalid Bug ID

Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8847-01

Red Hat Security Advisory 2022-8847-01 - An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train).

Red Hat Security Advisory 2022-8863-01

Red Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

RHSA-2022:8863: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.1.9 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

RHSA-2022:8860: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (protobuf) security update

An update for protobuf is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

RHSA-2022:8847: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (protobuf) security update

An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

RHSA-2022:8845: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 16.2.4 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

Red Hat Security Advisory 2022-8812-01

Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

RHSA-2022:8812: Red Hat Security Advisory: dbus security update

An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...

Red Hat Security Advisory 2022-8662-01

Red Hat Security Advisory 2022-8662-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8663-01

Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8626-01

Red Hat Security Advisory 2022-8626-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. Issues addressed include a denial of service vulnerability.

RHSA-2022:8626: Red Hat Security Advisory: OpenShift Container Platform 4.11.17 packages and security update

Red Hat OpenShift Container Platform release 4.11.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32148: golang: net/http/ht...

Red Hat Security Advisory 2022-8638-01

Red Hat Security Advisory 2022-8638-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8640-01

Red Hat Security Advisory 2022-8640-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2022-8634-01

Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

RHSA-2022:8648: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8640: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8641: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8637: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing

RHSA-2022:8634: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
  • CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
  • CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
  • CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...

Red Hat Security Advisory 2022-8535-01

Red Hat Security Advisory 2022-8535-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-8534-01

Red Hat Security Advisory 2022-8534-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.16. Issues addressed include a denial of service vulnerability.

RHSA-2022:8535: Red Hat Security Advisory: OpenShift Container Platform 4.11.16 security update

Red Hat OpenShift Container Platform release 4.11.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
  • CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, po...

RHSA-2022:8534: Red Hat Security Advisory: OpenShift Container Platform 4.11.16 security update

Red Hat OpenShift Container Platform release 4.11.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

Red Hat Security Advisory 2022-8008-01

Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2022-7970-01

Red Hat Security Advisory 2022-7970-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

RHSA-2022:8098: Red Hat Security Advisory: toolbox security and bug fix update

An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

RHSA-2022:8008: Red Hat Security Advisory: buildah security and bug fix update

An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-20291: containers/storage: DoS via malicious image
  • CVE-2021-33195: golang: net: lookup functions may return invalid host names
  • CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
  • CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...

RHSA-2022:7954: Red Hat Security Advisory: podman security and bug fix update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
  • CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
  • CVE-2021-4024: podman: podman machine spawns gvproxy with port bound to all IPs
  • CVE-2021-20199: podman: Remote traffic to rootless containers is seen as orgin...

RHSA-2022:7970: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

Red Hat Security Advisory 2022-7457-01

Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2022-7648-01

Red Hat Security Advisory 2022-7648-01 - The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Red Hat Security Advisory 2022-7464-01

Red Hat Security Advisory 2022-7464-01 - The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Red Hat Security Advisory 2022-7529-01

Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:7464: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

RHSA-2022:7548: Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update

An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service

RHSA-2022:7648: Red Hat Security Advisory: grafana-pcp security update

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
  • CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
  • CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
  • CVE...

RHSA-2022:7469: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
  • CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
  • CVE-2022-29162: runc: incorrect handling of inheritable capabilities

RHSA-2022:7519: Red Hat Security Advisory: grafana security, bug fix, and enhancement update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-23648: sanitize-url: XSS due to improper sanitization in sanitizeUrl function
  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-21673: grafana: Forward OAuth Identity Token can allow users to access some data sources
  • CVE-2022-2169...

RHSA-2022:7261: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

Ubuntu Security Notice USN-5704-1

Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly validated the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body of a DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

Red Hat Security Advisory 2022-7129-01

Red Hat Security Advisory 2022-7129-01 - Git Large File Storage replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Issues addressed include a denial of service vulnerability.

RHSA-2022:7129: Red Hat Security Advisory: git-lfs security and bug fix update

An update for git-lfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
  • CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-27664: golang: net/http: handle server errors after sending GOAWA...

CVE-2022-41715: [security] Go 1.19.2 and Go 1.18.7 are released

Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix (Go 1.19.2 and 1.18.7), each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected with an error from regexp.Compile. Normal use of regular expressions is unaffected.
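
The size budget described above, together with the application-side length cap a practitioner would put in front of it, as an added Go example (not code from the Go project or from the advisory). The cap value `maxPatternLen` and the pattern shape are assumptions chosen for the demonstration; the per-repeat limit of 1000 and the parse budget are the standard library's own. The demonstration stays on the safe side of every other parser limit (no nesting, each repeat count at most 1000) so that only the total-size budget can reject the pattern, which is exactly the condition the fix introduced.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// maxPatternLen is an application-level cap on the length of a pattern
// accepted from an untrusted source (assumed value for this example).
const maxPatternLen = 4096

// ErrPatternTooLong is returned when the raw pattern exceeds maxPatternLen,
// before it reaches the regexp parser at all.
var ErrPatternTooLong = errors.New("pattern exceeds length limit")

// CompileUntrusted compiles a user-supplied pattern behind two layers of
// protection: a cheap length check, and the parser's own size budget
// (Go 1.19.2 / 1.18.7 and later), which turns an oversized parse into a
// Compile error instead of a large allocation.
func CompileUntrusted(pattern string) (*regexp.Regexp, error) {
	if len(pattern) > maxPatternLen {
		return nil, ErrPatternTooLong
	}
	return regexp.Compile(pattern)
}

// HugePattern builds a syntactically valid pattern whose parsed form is far
// larger than its text: n copies of "a{1000}" expand to n*1000 instructions.
// Each piece stays under the per-repeat limit of 1000 and nothing is nested,
// so only the total-size budget can reject it.
func HugePattern(n int) string {
	return strings.Repeat("a{1000}", n)
}

// StdlibRejects reports whether regexp.Compile alone, with no length cap,
// refuses the pattern. A patched Go returns an error for the huge case; an
// unpatched one would allocate gigabytes for the compiled program instead.
func StdlibRejects(pattern string) bool {
	_, err := regexp.Compile(pattern)
	return err != nil
}

func main() {
	small := HugePattern(100)   // 100,000 instructions: within budget
	huge := HugePattern(200000) // 200,000,000 instructions: over budget

	fmt.Println("small rejected by stdlib:", StdlibRejects(small)) // false
	fmt.Println("huge rejected by stdlib:", StdlibRejects(huge))   // true

	_, err := CompileUntrusted(huge)
	fmt.Println("huge via CompileUntrusted:", err) // pattern exceeds length limit
}
```

The length cap is the layer that still matters on an unpatched toolchain, and it is also the one that rejects abusive input before any parsing work is done; the stdlib budget is the backstop for patterns that are short but expand aggressively.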

CVE-2022-2879: archive/tar: unbounded memory consumption when reading headers · Issue #54853 · golang/go

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After the fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
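
The failure mode above, reproduced against the standard library as an added Go example (not code from the Go project or from the issue). The archive is constructed by hand rather than with tar.Writer, because the writer will not emit an oversized PAX header while a hostile archive is under no such constraint; the entry name and the 2 MiB size are arbitrary choices for the demonstration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

// paxHeaderBlock hand-builds one 512-byte ustar header block describing a
// PAX extended-header entry (typeflag 'x') that claims dataSize bytes of
// records. Field offsets follow the ustar layout.
func paxHeaderBlock(dataSize int64) []byte {
	blk := make([]byte, 512)
	copy(blk[0:], "PaxHeaders.0/payload")               // name
	copy(blk[100:], "0000644\x00")                      // mode
	copy(blk[108:], "0000000\x00")                      // uid
	copy(blk[116:], "0000000\x00")                      // gid
	copy(blk[124:], fmt.Sprintf("%011o\x00", dataSize)) // size, octal
	copy(blk[136:], "00000000000\x00")                  // mtime
	copy(blk[148:], "        ")                         // chksum placeholder
	blk[156] = tar.TypeXHeader                          // 'x'
	copy(blk[257:], "ustar\x00")                        // magic
	copy(blk[263:], "00")                               // version
	// Header checksum: sum of all bytes with the chksum field read as spaces.
	var sum int64
	for _, b := range blk {
		sum += int64(b)
	}
	copy(blk[148:], fmt.Sprintf("%06o\x00 ", sum))
	return blk
}

// OversizedPAXArchive returns a reader over a constructed archive whose first
// entry is a PAX extended header of dataSize bytes. The record payload is a
// zero-filled placeholder: a safe reader must act on the declared size before
// it parses, or even fully reads, the records.
func OversizedPAXArchive(dataSize int64) io.Reader {
	return io.MultiReader(
		bytes.NewReader(paxHeaderBlock(dataSize)),
		bytes.NewReader(make([]byte, dataSize)),
		bytes.NewReader(make([]byte, 1024)), // two zero blocks: end of archive
	)
}

// FirstEntryError returns the error tar.Reader reports for the first entry.
func FirstEntryError(r io.Reader) error {
	_, err := tar.NewReader(r).Next()
	return err
}

// Rejected reports whether the first entry was refused at all, and whether it
// was refused with the header-too-long error a patched archive/tar returns
// once a special file exceeds 1 MiB.
func Rejected(r io.Reader) (refused, fieldTooLong bool) {
	err := FirstEntryError(r)
	return err != nil && !errors.Is(err, io.EOF), errors.Is(err, tar.ErrFieldTooLong)
}

func main() {
	refused, tooLong := Rejected(OversizedPAXArchive(2 << 20))
	fmt.Println("2 MiB PAX header refused:", refused, "ErrFieldTooLong:", tooLong)
}
```

The 1 MiB cap applies per special file, not to the archive as a whole, so an ingestion service that accepts archives from the network should still wrap the stream in an io.LimitReader sized to what it is willing to process.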

CVE-2022-2880: net/http/httputil: ReverseProxy should not forward unparseable query parameters · Issue #54663 · golang/go

Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
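
Both behaviours described above, a Director that parses the form and one that does not, exercised end to end against local test servers, as an added Go example (not code from the Go project or from the issue). The query string "x=1&y=%zz" is constructed for the demonstration: "x=1" is well formed and "y=%zz" is an invalid percent-escape that net/http's query parser rejects.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// queryFor starts a throwaway upstream that echoes the raw query string it
// receives, puts a ReverseProxy in front of it, and sends one request with
// the given raw query through the proxy. parseForm controls whether the
// Director parses the form (which, on Go 1.19.2 / 1.18.7 and later, makes the
// proxy sanitize the forwarded query) or leaves the query untouched.
func queryFor(rawQuery string, parseForm bool) (string, error) {
	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.URL.RawQuery)
	}))
	defer upstream.Close()

	target, err := url.Parse(upstream.URL)
	if err != nil {
		return "", err
	}
	proxy := httputil.NewSingleHostReverseProxy(target)
	base := proxy.Director
	proxy.Director = func(req *http.Request) {
		base(req)
		if parseForm {
			// A non-nil req.Form tells ReverseProxy that the proxy consumed
			// the query, so pairs net/http cannot parse are dropped.
			_ = req.ParseForm()
		}
	}
	front := httptest.NewServer(proxy)
	defer front.Close()

	resp, err := http.Get(front.URL + "/?" + rawQuery)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// SanitizedQuery returns what the upstream sees when the proxy parses the form.
func SanitizedQuery(rawQuery string) (string, error) { return queryFor(rawQuery, true) }

// PassthroughQuery returns what the upstream sees when the proxy does not.
func PassthroughQuery(rawQuery string) (string, error) { return queryFor(rawQuery, false) }

func main() {
	const q = "x=1&y=%zz" // constructed: one valid pair, one unparseable pair
	s, _ := SanitizedQuery(q)
	p, _ := PassthroughQuery(q)
	fmt.Printf("parsing proxy forwards:     %q\n", s) // "x=1"
	fmt.Printf("non-parsing proxy forwards: %q\n", p) // "x=1&y=%zz"
}
```

The practical consequence is that the fix only helps a proxy that actually parses the query; a proxy that merely rewrites the host and path still hands the raw string to the backend, and if the backend's parser disagrees with net/http about what "y=%zz" means, that is where the smuggling happens.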

CVE-2022-39278: Announcing Istio 1.13.9

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error: an attacker who sends a specially crafted or oversized message can crash the control plane when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS on port 15017 but does not require any authentication from the attacker. For simple installations, istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.

CVE-2022-41316: HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

CVE-2022-42012: security - dbus denial of service: CVE-2022-42010, -42011, -42012

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Gentoo Linux Security Advisory 202209-26

Gentoo Linux Security Advisory 202209-26 - Multiple vulnerabilities have been discovered in Go, the worst of which could result in denial of service. Versions less than 1.18.6 are affected.

GHSA-phjr-8j92-w5v7: CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.

RHSA-2022:6527: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server

CVE-2022-32190

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

CVE-2022-2990: Vulnerability in Linux containers – investigation and mitigation

Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.

Red Hat Security Advisory 2022-6263-01

Red Hat Security Advisory 2022-6263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6262-01

Red Hat Security Advisory 2022-6262-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include a bypass vulnerability.

RHSA-2022:6262: Red Hat Security Advisory: OpenShift Container Platform 4.6.61 bug fix and security update

Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-39226: grafana: Snapshot authentication bypass
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6287-01

Red Hat Security Advisory 2022-6287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.3. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-6347-01

Red Hat Security Advisory 2022-6347-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. Version 0.5 has been released with security fixes and updates.

Red Hat Security Advisory 2022-6344-01

Red Hat Security Advisory 2022-6344-01 - Logging Subsystem 5.5.1 for Red Hat OpenShift has been released. Issues addressed include a stack exhaustion vulnerability.

CVE-2022-27664: [security] Go 1.19.1 and Go 1.18.6 are released

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

RHSA-2022:6344: Red Hat Security Advisory: Logging Subsystem 5.5.1 Security and Bug Fix Update

Logging Subsystem 5.5.1 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
  • CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6347: Red Hat Security Advisory: VolSync 0.5 security fixes and updates

VolSync v0.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
  • CVE-2022-30630: golang: io/fs: stack e...

Red Hat Security Advisory 2022-6188-01

Red Hat Security Advisory 2022-6188-01 - This is an updated release of the Node Maintenance Operator. The Node Maintenance Operator cordons off nodes from the rest of the cluster and drains all the pods from the nodes. By placing nodes under maintenance, administrators can proactively power down nodes, move workloads to other parts of the cluster, and ensure that workloads do not get interrupted.

RHSA-2022:6187: Red Hat Security Advisory: Node Health Check Operator 0.3.1 security update

An update for node-healthcheck-operator-bundle-container and node-healthcheck-operator-container is now available for Node Healthcheck Operator 0.3 for RHEL 8. This Operator is delivered by Red Hat Workload Availability. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-30631: golang: compress/gzip: stack exhaust...

RHSA-2022:6051: Red Hat Security Advisory: Logging Subsystem 5.5.0 - Red Hat OpenShift security update

An update is now available for RHOL-5.5-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks
  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-6061-01

Red Hat Security Advisory 2022-6061-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6066-01

Red Hat Security Advisory 2022-6066-01 - The etcd packages provide a highly available key-value store for shared configuration. Issues addressed include a denial of service vulnerability.

RHSA-2022:6066: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6062: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) security update

An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

CVE-2022-32189: math/big: index out of range in Float.GobDecode · Issue #53871 · golang/go

A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

CVE-2022-30631: GO-2022-0524 - Go Packages

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

Red Hat Security Advisory 2022-5875-01

Red Hat Security Advisory 2022-5875-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.26.

RHSA-2022:5875: Red Hat Security Advisory: OpenShift Container Platform 4.10.26 security update

Red Hat OpenShift Container Platform release 4.10.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
  • CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
  • ...

RHSA-2022:5923: Red Hat Security Advisory: Service Telemetry Framework 1.3 security update

An update is now available for Service Telemetry Framework 1.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

Red Hat Security Advisory 2022-5909-01

Red Hat Security Advisory 2022-5909-01 - Openshift Logging Bug Fix Release. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:5909: Red Hat Security Advisory: Openshift Logging Bug Fix and security update Release (5.2.13)

Openshift Logging Bug Fix Release (5.2.13). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5908: Red Hat Security Advisory: Openshift Logging Bug Fix and security update Release (5.3.10)

Openshift Logging Bug Fix Release (5.3.10). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5775: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
  • CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
  • CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
  • CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
  • CVE-2022-30631: golang: compress/gzip: stack exhau...

Red Hat Security Advisory 2022-5556-01

Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:5556: Red Hat Security Advisory: Logging Subsystem 5.4.3 - Red Hat OpenShift security update

Logging Subsystem 5.4.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

RHSA-2022:5525: Red Hat Security Advisory: Service Binding Operator security update

An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.7+. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-5026-01

Red Hat Security Advisory 2022-5026-01 - This advisory contains the following OpenShift Virtualization 4.10.2 images: RHEL-8-CNV-4.10. Issues addressed include a denial of service vulnerability.

RHSA-2022:5026: Red Hat Security Advisory: OpenShift Virtualization 4.10.2 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.10.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

Red Hat Security Advisory 2022-2280-01

Red Hat Security Advisory 2022-2280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. Issues addressed include cross site scripting and denial of service vulnerabilities.

RHSA-2022:2280: Red Hat Security Advisory: OpenShift Container Platform 3.11.705 security update

Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin
  • CVE-2022-29046: subversion:...

Red Hat Security Advisory 2022-4712-01

Red Hat Security Advisory 2022-4712-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The ovirt-ansible-hosted-engine-setup package provides an Ansible role for deploying Red Hat Virtualization Hosted-Engine.

RHSA-2022:4712: Red Hat Security Advisory: RHV Engine and Host Common Packages security update

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

Red Hat Security Advisory 2022-4667-01

Red Hat Security Advisory 2022-4667-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.10.1 RPMs. Issues addressed include a denial of service vulnerability.

RHSA-2022:4667: Red Hat Security Advisory: OpenShift Virtualization 4.10.1 RPMs security and bug fix update

Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

CVE-2022-27191: An update of golang.org/x/crypto/ssh might be necessary

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

CVE-2022-24302: Changelog — Paramiko documentation

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

CVE-2022-21698: promhttp: Check validity of method and code label values by kakkoyun · Pull Request #962 · prometheus/client_golang

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before the middleware; pass a metric with the `method` label name to the middleware; and not have any firewall/LB/proxy that filters away requests with an unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from the counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler th...

CVE-2021-22570: Release Protocol Buffers v3.15.0 · protocolbuffers/protobuf

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

CVE-2021-21285: Docker Engine release notes

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
