Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:3216: Red Hat Security Advisory: OpenShift Container Platform 4.10.60 packages and security update

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#git#java#kubernetes#aws#ibm#rpm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-05-24

Updated:

2023-05-24

RHSA-2023:3216 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: OpenShift Container Platform 4.10.60 packages and security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2023:3217

Security Fix(es):

  • cri-o: incorrect handling of the supplementary groups (CVE-2022-2995)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2121632 - CVE-2022-2995 cri-o: incorrect handling of the supplementary groups

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Red Hat OpenShift Container Platform 4.10 for RHEL 8

SRPM

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm

SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b

jenkins-2.387.3.1684251986-1.el8.src.rpm

SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75

openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm

SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be

x86_64

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm

SHA-256: dbda9dfa0e12b964d3ba763964cd60bb50aabd15060fa04139c9f3a4af398758

cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm

SHA-256: ef218912bab2c4c55f6978185a792fb2e176ccc54d05ab6625644f1b31d8ac6d

cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm

SHA-256: 359d4baeeaef1ffd78edd206e9e510908168094dc7ce5eb77ea49a19e4f5eefa

jenkins-2.387.3.1684251986-1.el8.noarch.rpm

SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933

openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad

openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb

openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d

python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform 4.10 for RHEL 7

SRPM

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el7.src.rpm

SHA-256: c58e25bf69fbabf925958989b325f449091a79512f28c451bfa0dd7ce58e4dc1

x86_64

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el7.x86_64.rpm

SHA-256: fb428bb45e232f4675cc14e88f3abf7e04fd5587659e033c71d4dd2a9dbac293

cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el7.x86_64.rpm

SHA-256: c76a52df1ea2de7cd1d5213500f46863cb19a65911461735edd5ac75950a338c

Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8

SRPM

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm

SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b

jenkins-2.387.3.1684251986-1.el8.src.rpm

SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75

openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm

SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be

ppc64le

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm

SHA-256: 9f098c21ecadcf0e30388ef6018d1e85dd6c2a2e25955395037515930639d29e

cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm

SHA-256: e5f56c87de6c8c4d829e7fefa18592c7c01b5968df666325516ddfde47359f17

cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm

SHA-256: 1c80a7a3f461ad18d5fcedf749602ffa27db2b16f05904c163e0ae35ac161df5

jenkins-2.387.3.1684251986-1.el8.noarch.rpm

SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933

openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad

openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb

openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d

python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8

SRPM

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm

SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b

jenkins-2.387.3.1684251986-1.el8.src.rpm

SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75

openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm

SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be

s390x

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm

SHA-256: 2e5ce1e37721b116dfa1f590f93e761256bf6abf82c8e394cadb4e65ae9cb770

cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm

SHA-256: 560c2453f46cbb216d614663b127f40d00f96e5259f997576f002f879f24c1f1

cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm

SHA-256: 3636a41704b23b1332563f3a143951dbfba307ecf78fd5a8bd2011a32dfbed77

jenkins-2.387.3.1684251986-1.el8.noarch.rpm

SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933

openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad

openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb

openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d

python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform for ARM 64 4.10

SRPM

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm

SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b

jenkins-2.387.3.1684251986-1.el8.src.rpm

SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75

openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm

SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be

aarch64

cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm

SHA-256: eae4398b4d781fa8cc80858682711f020803cfe3d14cca276f22b3563c4f6e98

cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm

SHA-256: 672ae458879a844f06352b5eab7b952562aedebe6f6c765bf755abdea87a60e3

cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm

SHA-256: b9ddbe3b1d654a66c006a84a4897510ec2ea514ebe1b25d74fd1a09d0d989ae2

jenkins-2.387.3.1684251986-1.el8.noarch.rpm

SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933

openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad

openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb

openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d

python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm

SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:3915: Red Hat Security Advisory: OpenShift Container Platform 4.11.44 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...

Red Hat Security Advisory 2023-3644-01

Red Hat Security Advisory 2023-3644-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

RHSA-2023:3644: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

RHSA-2023:3541: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct acc...

Red Hat Security Advisory 2023-3216-01

Red Hat Security Advisory 2023-3216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-0693-01

Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

RHSA-2023:0693: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...

Red Hat Security Advisory 2022-7399-01

Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2022-7398-02

Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...

RHSA-2022:7398: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...

GHSA-phjr-8j92-w5v7: CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

CVE-2022-2990: Vulnerability in Linux containers – investigation and mitigation

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.