Headline
RHSA-2022:8126: Red Hat Security Advisory: ignition security, bug fix, and enhancement update
An update for ignition is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1706: ignition: configs are accessible from unprivileged containers in VMs running on VMware products
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8126 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: ignition security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for ignition is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network metadata service, hypervisor bridge, etc.) and applies the configuration.
The following packages have been upgraded to a later upstream version: ignition (2.14.0). (BZ#2090647)
Security Fix(es):
- ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2066829 - Update to 2.13.0-2
- BZ - 2082274 - CVE-2022-1706 ignition: configs are accessible from unprivileged containers in VMs running on VMware products
- BZ - 2085130 - update spec file/man page to indicate Ignition is currently only supported on RHCOS
- BZ - 2090647 - Update Ignition to latest upstream version 2.14.0
- BZ - 2117606 - Enable ssh-key-dir in ignition on C9S
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
ignition-2.14.0-1.el9.src.rpm
SHA-256: f2740e84f04521c01d34d400756b20f3c20129d8df620f04bae6f4034b7c01e5
x86_64
ignition-2.14.0-1.el9.x86_64.rpm
SHA-256: 281e1a05b389237cf64f3969af1ee8b1db647218e642dc20d5d87498492bbdb3
ignition-debuginfo-2.14.0-1.el9.x86_64.rpm
SHA-256: cdf1adb8ac0cf752f9827a6228ea09e11b944c467d9107ab3f0178b6d0beeb6c
ignition-debugsource-2.14.0-1.el9.x86_64.rpm
SHA-256: 0316cb38d5796b023583d52d4bb6a6462b705b648d0ed4805e71252e9dc004e0
ignition-validate-debuginfo-2.14.0-1.el9.x86_64.rpm
SHA-256: b6760fad78bd5a5343feae09b312c824aa5ca3430739d392d0cfce7b8dfc350b
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
ignition-2.14.0-1.el9.src.rpm
SHA-256: f2740e84f04521c01d34d400756b20f3c20129d8df620f04bae6f4034b7c01e5
s390x
ignition-2.14.0-1.el9.s390x.rpm
SHA-256: 9a6dc2aef6c56006beca17811d84641543f98863045fb5875605c01b731c4c59
ignition-debuginfo-2.14.0-1.el9.s390x.rpm
SHA-256: c377d864ca22d5433be5d3bdf62f87daf15ed1452705b3a8dcc13e430af0c749
ignition-debugsource-2.14.0-1.el9.s390x.rpm
SHA-256: c341bcff021f00ee81565ea81e00678da19860e489cc8901c869f37eb97b5857
ignition-validate-debuginfo-2.14.0-1.el9.s390x.rpm
SHA-256: 1ef9f42765042ef30f3f7743066eb648d5b67fe755a4762cedaa562405e6a0a3
Red Hat Enterprise Linux for Power, little endian 9
SRPM
ignition-2.14.0-1.el9.src.rpm
SHA-256: f2740e84f04521c01d34d400756b20f3c20129d8df620f04bae6f4034b7c01e5
ppc64le
ignition-2.14.0-1.el9.ppc64le.rpm
SHA-256: 50ed79a8c5a295062926d9209f92bdc50581c322abf4c02b8414e10b9b8a6385
ignition-debuginfo-2.14.0-1.el9.ppc64le.rpm
SHA-256: 8c4a59c4ada3ab5434a6dadb76a18fa82dedad1c09e0697d577b93811187e6ff
ignition-debugsource-2.14.0-1.el9.ppc64le.rpm
SHA-256: c502277d1bad6bf9acfdad1872cbc9b8c044968e01a9953eb3627e2fe428b5cf
ignition-validate-debuginfo-2.14.0-1.el9.ppc64le.rpm
SHA-256: d9282f795e12e9e1e4f39ab963ae11ffa2f6b453fc3d5a2ee52cdb61fb63c5a8
Red Hat Enterprise Linux for ARM 64 9
SRPM
ignition-2.14.0-1.el9.src.rpm
SHA-256: f2740e84f04521c01d34d400756b20f3c20129d8df620f04bae6f4034b7c01e5
aarch64
ignition-2.14.0-1.el9.aarch64.rpm
SHA-256: ca203e7900e4394f9ea249786075b170608a0962706b81568d04b7ac5c604876
ignition-debuginfo-2.14.0-1.el9.aarch64.rpm
SHA-256: 36baed6a0a282a6f83bab717af408a0d68236c5196fe5f264c980027c97d7542
ignition-debugsource-2.14.0-1.el9.aarch64.rpm
SHA-256: 1e09e35ee88dd08bc52278e04fe8fc991ddb28391c37606e08753a8fe431545b
ignition-validate-debuginfo-2.14.0-1.el9.aarch64.rpm
SHA-256: 97e0eea4934c918dae0aea75a993c3f577813119c99e8c1d9bf06158b4092ff3
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.