Headline
RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
- CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the
RandomAlphaNumeric
andCryptoRandomAlphaNumeric
functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions. - CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.
- CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
- CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
- CVE-2022-23525: A flaw was found in Helm. Applications that use the repo package in Helm SDK to parse an index file may suffer a denial of service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic.
- CVE-2022-23526: A flaw was found in Helm, a tool for managing Charts, a pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that could cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema validation files into structures Go can work with. Some schema files can cause array data structures to be created, causing a memory violation. Applications that use the chartutil package in the Helm SDK to parse a schema files may result in a denial of service.
- CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
- CVE-2022-41316: A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved.
- CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
- CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
- CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
- CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
- CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
- CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password. However, due to the way this mechanism was implemented in the exporter toolkit, if the hashed password is known, it is possible to authenticate against Prometheus.
- CVE-2023-0620: A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend, which could allow the attacker to view, add, modify, or delete information in the backend database.
- CVE-2023-0665: A flaw was found in the Hashicorp vault. Vault’s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in a denial of service of the PKI mount. This bug did not affect public or private key material, trust chains, or certificate issuance.
- CVE-2023-25000: A flaw was found in the Hashicorp vault. This flaw allows an attacker with access to and the ability to observe a large number of unseal operations on the host through a side channel to reduce the search space of a brute-force effort to recover the Shamir shares.
- CVE-2023-25165: A flaw was found in the helm package. The ‘getHostByName’ is a Helm template function introduced in Helm v3 and can accept a hostname and return an IP address for that hostname. To get the IP address, the function performs a DNS lookup. The DNS lookup happens when used with ‘helm install|upgrade|template’ or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject getHostByName into a chart to disclose values to a malicious DNS server.
- CVE-2023-25173: A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.
- CVE-2023-25809: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes
/sys/fs/cgroup
writable in following conditons: 1. when runc is executed inside the user namespace, and theconfig.json
does not specify the cgroup namespace to be unshared (e.g…,(docker|podman|nerdctl) run --cgroupns=host
, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and/sys
is mounted withrbind, ro
(e.g.,runc spec --rootless
; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy/sys/fs/cgroup/user.slice/...
on the host . Other users’s cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace ((docker|podman|nerdctl) run --cgroupns=private)
. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add/sys/fs/cgroup
tomaskedPaths
. - CVE-2023-27561: A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume.
- CVE-2023-28642: runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when
/proc
inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked/proc
. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. - CVE-2023-30841: A flaw was found in the baremetal-operator, where the ironic and ironic-inspector deployed within the baremetal operator using the included deploy.sh store
.htpasswd
files as ConfigMaps instead of Secrets. This issue causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster or access to the management cluster’s etcd storage.
Synopsis
Important: OpenShift Container Platform 4.13.0 security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.13.0 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2023:1325
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Security Fix(es):
- goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
- go-yaml: Denial of Service in go-yaml (CVE-2021-4235)
- mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
- golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
- helm: Denial of service through through repository index file (CVE-2022-23525)
- helm: Denial of service through schema file (CVE-2022-23526)
- golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
- vault: insufficient certificate revocation list checking (CVE-2022-41316)
- golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
- x/net/http2/h2c: request smuggling (CVE-2022-41721)
- net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
- golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
- golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
- exporter-toolkit: authentication bypass via cache poisoning (CVE-2022-46146)
- vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)
- hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)
- hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)
- helm: getHostByName Function Information Disclosure (CVE-2023-25165)
- containerd: Supplementary groups are not set up properly (CVE-2023-25173)
- runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
- runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (CVE-2023-28642)
- baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841)
- runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags
The sha values for the release are:
(For x86_64 architecture)
The image digest is sha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711
(For s390x architecture)
The image digest is sha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79
(For ppc64le architecture)
The image digest is sha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8
(For aarch64 architecture)
The image digest is sha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
- Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
- Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64
Fixes
- BZ - 1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]
- BZ - 1853264 - Metrics produce high unbound cardinality
- BZ - 1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot
- BZ - 1904573 - OpenShift: containers modify /etc/passwd group writable
- BZ - 1943194 - when using gpus, more nodes than needed are created by the node autoscaler
- BZ - 1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated
- BZ - 1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
- BZ - 2005232 - Pods list page should only show Create Pod button to user has sufficient permission
- BZ - 2016006 - Repositories list does not show the running pipelinerun as last pipelinerun
- BZ - 2027000 - The user is ignored when we create a new file using a MachineConfig
- BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- BZ - 2047299 - nodeport not reachable port connection timeout
- BZ - 2050230 - Implement LIST call chunking in openshift-sdn
- BZ - 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
- BZ - 2065166 - GCP - Less privileged service accounts are created with Service Account User role
- BZ - 2066388 - Wrong Error generates when https is missing in the value of `regionEndpoint` in `configs.imageregistry.operator.openshift.io/cluster`
- BZ - 2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles
- BZ - 2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud
- BZ - 2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode
- BZ - 2076619 - Could not create deployment with an unknown git repo and builder image build strategy
- BZ - 2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)
- BZ - 2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk
- BZ - 2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller
- BZ - 2083087 - “Delete dependent objects of this resource” might cause confusions
- BZ - 2084452 - PodDisruptionBudgets help message should be semantic
- BZ - 2087043 - Cluster API components should use K8s 1.24 dependencies
- BZ - 2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, "ap-northeast-2 (South Korea (Seoul))" and "ap-southeast-7 (Thailand (Bangkok))"
- BZ - 2089093 - CVO hotloops on OperatorGroup due to the diff of "upgradeStrategy": string(“Default”)
- BZ - 2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator
- BZ - 2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload
- BZ - 2092567 - Network policy is not being applied as expected
- BZ - 2092811 - Datastore name is too long
- BZ - 2093339 - [rebase v1.24] Only known images used by tests
- BZ - 2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11
- BZ - 2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface
- BZ - 2100429 - [apiserver-auth] default SCC restricted allow volumes don’t have “ephemeral” caused deployment with Generic Ephemeral Volumes stuck at Pending
- BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- BZ - 2104978 - MCD degrades are not overwrite-able by subsequent errors
- BZ - 2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu
- BZ - 2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again
- BZ - 2110982 - On GCP, need to check load balancer health check IPs required for restricted installation
- BZ - 2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true
- BZ - 2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs
- BZ - 2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
- BZ - 2116686 - [capi] Cluster kind should be valid
- BZ - 2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted
- BZ - 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
- BZ - 2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning
- BZ - 2154196 - CVE-2022-23526 helm: Denial of service through schema file
- BZ - 2154202 - CVE-2022-23525 helm: Denial of service through through repository index file
- BZ - 2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml
- BZ - 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
- BZ - 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
- BZ - 2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
- BZ - 2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure
- BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
- BZ - 2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)
- BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
- BZ - 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
- BZ - 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
- BZ - 2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration
- BZ - 2182884 - CVE-2023-25809 runc: Rootless runc makes `/sys/fs/cgroup` writable
- BZ - 2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations
- BZ - 2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
- BZ - 2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
- BZ - 2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access
- OCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12
- OCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED
- OCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions
- OCPBUGS-10220 - Newly provisioned machines unable to join cluster
- OCPBUGS-10221 - Risk cache warming takes too long on channel changes
- OCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
- OCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm
- OCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster
- OCPBUGS-3207 - SCOS build fails due to pinned kernel
- OCPBUGS-3214 - Installer does not always add router CA to kubeconfig
- OCPBUGS-3228 - Broken secret created while starting a Pipeline
- OCPBUGS-3235 - Topology gets stuck loading
- OCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update
- OCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
- OCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands
- OCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working
- OCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1
- OCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
- OCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances
- OCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS
- OCPBUGS-3662 - don’t enforce PSa in 4.12
- OCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down
- OCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI
- OCPBUGS-3676 - After node’s reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod
- OCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency
- OCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form
- OCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions
- OCPBUGS-3714 - ‘oc adm upgrade …’ should expose ClusterVersion Failing=True
- OCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated
- OCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin
- OCPBUGS-3755 - Create Alertmanager silence form does not explain the new “Negative matcher” option
- OCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod
- OCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image
- OCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy
- OCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed
- OCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues
- OCPBUGS-3797 - [4.13] Bump OVS control plane to get “ovsdb/transaction.c: Refactor assess_weak_refs.”
- OCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger “Delete CSV”
- OCPBUGS-3827 - CCM not able to remove a LB in ERROR state
- OCPBUGS-3877 - RouteTargetReference missing default for “weight” in Route CRD v1 schema
- OCPBUGS-5466 - Default CatalogSource aren’t always reverted to default settings
- OCPBUGS-5492 - CI "[Feature:bond] should create a pod with bond interface" fail for MTU migration jobs
- OCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes
- OCPBUGS-5498 - Host inventory quick start for OCP
- OCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism
- OCPBUGS-5508 - Report topology usage in vSphere environment via telemetry
- OCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible
- OCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures
- OCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write
- OCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests
- OCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade
- OCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff
- OCPBUGS-6507 - Don’t retry network policy peer pods if ips couldn’t be fetched
- OCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed
- OCPBUGS-6610 - Developer - Topology : ‘Filter by resource’ drop-down i18n misses
- OCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region
- OCPBUGS-6624 - Issue deploying the master node with IPI
- OCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds
- OCPBUGS-6646 - Ingress node firewall CI is broken with latest
- OCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses
- OCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy
- OCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox
- OCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined
- OCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent
- OCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator’s ensureNodePortService
- OCPBUGS-6700 - Cluster-ingress-operator’s updateIngressClass function logs success message when error
- OCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup
- OCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46
- OCPBUGS-6722 - s390x: failed to generate asset "Image": multiple “disk” artifacts found
- OCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer
- OCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated
- OCPBUGS-6741 - opm fails to serve FBC if cachedir not provided
- OCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column
- OCPBUGS-6760 - Couldn’t update/delete cpms on gcp private cluster
- OCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page
- OCPBUGS-6765 - “Delete dependent objects of this resource” might cause confusions
- OCPBUGS-6777 - [gcp][CORS-1988] “create manifests” without an existing “install-config.yaml” missing 4 YAML files in “<install dir>/openshift” which leads to “create cluster” failure
- OCPBUGS-6781 - gather Machine objects
- OCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop
- OCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun
- OCPBUGS-6809 - Uploading large layers fails with “blob upload invalid”
- OCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
- OCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig
- OCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length
- OCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin
- OCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates
- OCPBUGS-9957 - Garbage collect grafana-dashboard-etcd
- OCPBUGS-9963 - Better to change the error information more clearly to help understand
- OCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
- OCPBUGS-3018 - panic in WaitForBootstrapComplete
- OCPBUGS-3021 - GCP: missing me-west1 region
- OCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer
- OCPBUGS-3027 - Metrics are not available when running console in development mode
- OCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup
- OCPBUGS-3033 - Clicking the logo in the masthead goes to `/dashboards`, even if metrics are disabled
- OCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters
- OCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn’t take effect.
- OCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed
- OCPBUGS-3079 - RPS hook only sets the first queue, but there are now many
- OCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
- OCPBUGS-3093 - The control plane should tag AWS security groups at creation
- OCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked
- OCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being
- OCPBUGS-3114 - CNO reporting incorrect status
- OCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions
- OCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog
- OCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
- OCPBUGS-3172 - Console shouldn’t try to install dynamic plugins if permissions aren’t available
- OCPBUGS-3180 - Regression in ptp-operator conformance tests
- OCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install
- OCPBUGS-5188 - Wrong message in MCCDrainError alert
- OCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets
- OCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure
- OCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal
- OCPBUGS-5275 - remove unnecessary RBAC in OCM
- OCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail
- OCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]
- OCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
- OCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network
- OCPBUGS-5346 - Reported vSphere Connection status is misleading
- OCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled
- OCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard
- OCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn’t restore its snapshot successfully
- OCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire
- OCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions
- OCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13
- OCPBUGS-5458 - wal: max entry size limit exceeded
- OCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch
- OCPBUGS-6262 - Add more logs to “oc extract” in mco-first boot service
- OCPBUGS-6270 - Irrelevant vsphere platform data is required
- OCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace
- OCPBUGS-6821 - Update NTO images to be consistent with ART
- OCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse
- OCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected
- OCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)
- OCPBUGS-7617 - Azure Disk volume is taking time to attach/detach
- OCPBUGS-7622 - vSphere UPI jobs failing with ‘Managed cluster should have machine resources’
- OCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1
- OCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4
- OCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true
- OCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names
- OCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job
- OCPBUGS-8481 - CAPI rebases 4.13 backports
- OCPBUGS-8490 - agent-tui: display additional checks only when primary check fails
- OCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart
- OCPBUGS-8701 - `oc patch project` not working with OCP 4.12
- OCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth
- OCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2
- OCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator
- OCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view
- OCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10
- OCPBUGS-8742 - Origin tests should not specify `readyz` as the health check path
- OCPBUGS-8941 - Introduce tooltips for contextual information
- OCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don’t seem to reach the pods
- OCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer
- OCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases
- OCPBUGS-9389 - Detach code in vsphere csi driver is failing
- OCPBUGS-9926 - Enable node healthz server for ovnk in CNO
- OCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn’t land on correct URL
- OCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node
- OCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator
- OCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
- OCPBUGS-2088 - User can set rendezvous host to be a worker
- OCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8
- OCPBUGS-2145 - ‘maxUnavailable’ and ‘minAvailable’ on PDB creation page - i18n misses
- OCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled
- OCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error “alicloud: unable to split instanceid and region from providerID”
- OCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts
- OCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can’t be changed by typing in it.
- OCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week
- OCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by ‘publish: Internal’ failed due to ‘dns_public_record’
- OCPBUGS-2440 - unknown field logs in prometheus-operator
- OCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode
- OCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering
- OCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for “registry.ci.openshift.org”
- OCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests
- OCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed
- OCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range
- OCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
- OCPBUGS-2991 - CI jobs are failing with: admission webhook “validation.csi.vsphere.vmware.com” denied the request
- OCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
- OCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing
- OCPBUGS-2996 - [4.13] Bootimage bump tracker
- OCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without “CSISnapshot” capability
- OCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
- OCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests
- OCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster
- OCPBUGS-3440 - Authentication operator doesn’t respond to console being enabled
- OCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console
- OCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
- OCPBUGS-3456 - track `rhcos-4.12` branch for fedora-coreos-config submodule
- OCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages
- OCPBUGS-3465 - IBM operator needs deployment manifest fixes
- OCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components
- OCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page
- OCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
- OCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior
- OCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior
- OCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
- OCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady
- OCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure
- OCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin
- OCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing
- OCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX
- OCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5
- OCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family
- OCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART
- OCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART
- OCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART
- OCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART
- OCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART
- OCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART
- OCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART
- OCPBUGS-6486 - Image upload fails when installing cluster
- OCPBUGS-7495 - Platform type is ignored
- OCPBUGS-7517 - Helm page crashes on old releases with a new Secret
- OCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal
- OCPBUGS-7523 - Add new AWS regions for ROSA
- OCPBUGS-7542 - Bump router to k8s APIs v0.26.1
- OCPBUGS-7555 - Enable default sysctls for kubelet
- OCPBUGS-7558 - Rebase coredns to 1.10.1
- OCPBUGS-8401 - Bump openshift/origin to kube 1.26.2
- OCPBUGS-8424 - ControlPlaneMachineSet: Machine’s Node should be Ready to consider the Machine Ready
- OCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig
- OCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview
- OCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused
- OCPBUGS-1486 - Avoid re-metric’ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
- OCPBUGS-1557 - Default to floating automaticRestart for new GCP instances
- OCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config
- OCPBUGS-1565 - Possible split brain with keepalived unicast
- OCPBUGS-1566 - Automation Offline CPUs Test cases
- OCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces
- OCPBUGS-1604 - Common resources out-of-date when using multicluster switcher
- OCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters
- OCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain
- OCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration
- OCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain
- OCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created
- OCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided
- OCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
- OCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and “NodePortService” endpoint publishing strategy
- OCPBUGS-1741 - Can’t load additional Alertmanager templates with latest 4.12 OpenShift
- OCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace
- OCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly
- OCPBUGS-1769 - gracefully fail when iam:GetRole is denied
- OCPBUGS-1778 - Can’t install clusters with schedulable masters
- OCPBUGS-1791 - Wait-for install-complete did not exit upon completion.
- OCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn’t list multiple datacenters when specified
- OCPBUGS-1807 - Ingress Operator startup bad log message formatting
- OCPBUGS-1844 - Ironic dnsmasq doesn’t include existing DNS settings during iPXE boot
- OCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener
- OCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters
- OCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled
- OCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
- OCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop
- OCPBUGS-2922 - ‘Status’ column sorting doesn’t work as expected
- OCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args
- OCPBUGS-2934 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
- OCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses
- OCPBUGS-2946 - [AWS] curl network Loadbalancer always get “Connection time out”
- OCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors
- OCPBUGS-5045 - unit test data race with egress ip tests
- OCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used
- OCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80.
- OCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource
- OCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks
- OCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12
- OCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: “Creating vfat image failed: Unexpected error while running command”
- OCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
- OCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART
- OCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART
- OCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART
- OCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART
- OCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART
- OCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART
- OCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART
- OCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART
- OCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART
- OCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART
- OCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART
- OCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed
- OCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2
- OCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO
- OCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies
- OCPBUGS-8341 - Unable to set capabilities with agent installer based installation
- OCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing
- OCPBUGS-8353 - PXE support is incomplete
- OCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly
- OCPBUGS-1048 - if tag categories don’t exist, the installation will fail to bootstrap
- OCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, “Observe - Alerting - Silences” page is pending
- OCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]
- OCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config
- OCPBUGS-1272 - “opm alpha render-veneer basic” doesn’t support pipe stdin
- OCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up
- OCPBUGS-1352 - OVN silently failing in case of a stuck pod
- OCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices
- OCPBUGS-1428 - service account token secret reference
- OCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
- OCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12
- OCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric
- OCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
- OCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster
- OCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size.
- OCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page
- OCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
- OCPBUGS-2841 - Need validation rule for supported arch
- OCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
- OCPBUGS-2847 - GCP XPN should only be available with Tech Preview
- OCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror
- OCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded
- OCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster
- OCPBUGS-2873 - Prometheus doesn’t reload TLS certificate and key files on disk
- OCPBUGS-2886 - The LoadBalaner section shouldn’t be set when using Kuryr on cloud-provider
- OCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service
- OCPBUGS-4899 - coreos-installer output not available in the logs
- OCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters
- OCPBUGS-4906 - Cross-namespace template processing is not being tested
- OCPBUGS-4909 - Can’t reach own service when egress netpol are enabled
- OCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP
- OCPBUGS-4941 - Fails to deprovision cluster when swift omits ‘content-type’ and there are empty containers
- OCPBUGS-4950 - OLM K8s Dependencies should be at 1.25
- OCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup
- OCPBUGS-4955 - Bundle Unpacker Using “Always” ImagePullPolicy for digests
- OCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered
- OCPBUGS-4975 - Missing translation in ceph storage plugin
- OCPBUGS-4986 - precondition: Do not claim warnings would have blocked
- OCPBUGS-4997 - Agent ISO does not respect proxy settings
- OCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI
- OCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather
- OCPBUGS-5016 - Editing Pipeline in the ocp console to get information error
- OCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.
- OCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled
- OCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades
- OCPBUGS-6026 - cannot change /etc folder ownership inside pod
- OCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image
- OCPBUGS-6049 - Do not show UpdateInProgress when status is Failing
- OCPBUGS-6053 - `availableUpdates: null` results in run-time error on Cluster Settings page
- OCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41
- OCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI
- OCPBUGS-6089 - Unnecessary event reprocessing
- OCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection
- OCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly
- OCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider
- OCPBUGS-6101 - Daemonset is not upgraded after operator upgrade
- OCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack
- OCPBUGS-7806 - add “nfs-export” under PV details page
- OCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file
- OCPBUGS-7833 - Storage tests failing in no-capabilities job
- OCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure
- OCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json
- OCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work
- OCPBUGS-7879 - Devfile isn’t be processed correctly on ‘Add from git repo’
- OCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI
- OCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC
- OCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated
- OCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context
- OCPBUGS-7940 - apiserver panics in admission controller
- OCPBUGS-7943 - AzureFile CSI driver does not compile with cachito
- OCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by
- OCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
- OCPBUGS-948 - OLM sets invalid SCC label on its namespaces
- OCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index
- OCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels
- OCPBUGS-166 - 4.11 SNOs fail to complete install because of “failed to get pod annotation: timed out waiting for annotations: context deadline exceeded”
- OCPBUGS-186 - PipelineRun task status overlaps status text
- OCPBUGS-266 - Project Access tab cannot differentiate between users and groups
- OCPBUGS-4541 - Azure: remove deprecated ADAL
- OCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]
- OCPBUGS-4549 - Azure: replace deprecated AD Graph API
- OCPBUGS-4550 - [CI] console-operator produces more watch requests than expected
- OCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to “A specific namespace on the cluster”
- OCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP
- OCPBUGS-4630 - Bump documentationBaseURL to 4.13
- OCPBUGS-4635 - [OCP 4.13] ironic container images have old packages
- OCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO
- OCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0
- OCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO
- OCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update
- OCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync
- OCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17
- OCPBUGS-4691 - Topology sidebar actions doesn’t show the latest resource data
- OCPBUGS-4692 - PTP operator: Use priority class node critical
- OCPBUGS-4700 - read-only update UX: confusing “Update blocked” pop-up
- OCPBUGS-4701 - read-only update UX: confusing “Control plane is hosted” banner
- OCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds
- OCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged
- OCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation
- OCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire
- OCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)
- OCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)
- OCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider ‘ec2’
- OCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19
- OCPBUGS-4781 - Get Helm Release seems to be using List Releases api
- OCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference
- OCPBUGS-4802 - Update formatting with gofmt for go1.19
- OCPBUGS-4825 - Pods completed + deleted may leak
- OCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1
- OCPBUGS-4873 - openshift-marketplace namespace missing “audit-version” and “warn-version” PSA label
- OCPBUGS-4874 - Baremetal host data is still sometimes required
- OCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type
- OCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public
- OCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource
- OCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope
- OCPBUGS-5959 - [4.13] Bootimage bump tracker
- OCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly
- OCPBUGS-5991 - Kube APIServer panics in admission controller
- OCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered
- OCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
- OCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics
- OCPBUGS-723 - ClusterResourceQuota values are not reflecting.
- OCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured
- OCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]
- OCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error
- OCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13
- OCPBUGS-736 - Kuryr uses default MTU for service network
- OCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc
- OCPBUGS-7372 - fail early on missing node status envs
- OCPBUGS-7374 - set default timeouts in etcdcli
- OCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication
- OCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore
- OCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito
- OCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds
- OCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds
- OCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form
- OCPBUGS-7419 - CVO delay when setting clusterversion available status to true
- OCPBUGS-7421 - Missing i18n key for PAC section in Git import form
- OCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1
- OCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time
- OCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly
- OCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere
- OCPBUGS-7483 - Hypershift installs on “platform: none” are broken
- OCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged
- OCPBUGS-7729 - Remove ETCD liviness probe.
- OCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped
- OCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2
- OCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config
- OCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon
- OCPBUGS-7754 - ART having trouble building olm images
- OCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable
- OCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP
- OCPBUGS-794 - OLM version rule is not clear
- OCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source
- OCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded
- OCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local
- OCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names
- OCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks
- OCPBUGS-904 - Alerts from MCO are missing namespace
- OCPBUGS-10271 - [4.13] Netflink overflow alert
- OCPBUGS-10291 - Broken link for Ansible tagging
- OCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml
- OCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing `–authfile` flag
- OCPBUGS-2551 - “Error loading” when normal user check operands on All namespaces
- OCPBUGS-2569 - ovn-k network policy races
- OCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization
- OCPBUGS-2666 - `create a project` link not backed by RBAC check
- OCPBUGS-272 - Getting duplicate word “find” when kube-apiserver degraded=true if webhook matches a virtual resource
- OCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work
- OCPBUGS-3414 - Missing ‘ImageContentSourcePolicy’ and ‘CatalogSource’ in the oci fbc feature implementation
- OCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one
- OCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy
- OCPBUGS-4054 - cluster-ingress-operator’s configurable-route controller’s startup is noisy
- OCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state
- OCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network
- OCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not
- OCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode
- OCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator
- OCPBUGS-4483 - apply retry logic to ovnk-node controllers
- OCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig
- OCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig
- OCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia
- OCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout
- OCPBUGS-4516 - `oc-mirror` does not work as expected relative path for OCI format copy
- OCPBUGS-4517 - Better to detail the --command-os of mac for `oc adm release extract` command
- OCPBUGS-4521 - all kubelet targets are down after a few hours
- OCPBUGS-4524 - Hold lock when deleting completed pod during update event
- OCPBUGS-4525 - Don’t log in iterateRetryResources when there are no retry entries
- OCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test
- OCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region
- OCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region
- OCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region
- OCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN
- OCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS
- OCPBUGS-4756 - OLM generates invalid component selector labels
- OCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver
- OCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance
- OCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn’t appear after ODF upgrade resulting in dashboard crash
- OCPBUGS-5540 - Typo in WTO for Milliseconds
- OCPBUGS-5542 - Project dropdown order is not as smart as project list page order
- OCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec
- OCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted
- OCPBUGS-5559 - add default noProxy config for Azure
- OCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page
- OCPBUGS-5736 - The main section of the page will keep loading after normal user login
- OCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled
- OCPBUGS-5802 - update sprig to v3 in cno
- OCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary
- OCPBUGS-5842 - executes /host/usr/bin/oc
- OCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand
- OCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing “etcd Object Count” dashboard to only show OpenShift resources
- OCPBUGS-5888 - Failed to install 4.13 ocp on SNO with “error during syncRequiredMachineConfigPools”
- OCPBUGS-5891 - oc-mirror heads-only does not work with target name
- OCPBUGS-5903 - gather default ingress controller definition
- OCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout
- OCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted
- OCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes
- OCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed
- OCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves
- OCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly
- OCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage
- OCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails
- OCPBUGS-7180 - [4.13] Bootimage bump tracker
- OCPBUGS-7186 - [gcp][CORS-2424] with “secureBoot” enabled, after deleting control-plane machine, the new machine is created with “enableSecureBoot” being False unexpectedly
- OCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error
- OCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page
- OCPBUGS-7204 - Manifests generated to multiple “results-xxx” folders when using the oci feature with OCI and nonOCI catalogs
- OCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress
- OCPBUGS-7284 - Hypershift failing new SCC conformance tests
- OCPBUGS-7291 - ptp keeps trying to start phc2sys even if it’s configured as empty string in phc2sysOpts
- OCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)
- OCPBUGS-3275 - No-op: Unable to retrieve machine from node "xxx": expecting one machine for node xxx got: []
- OCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service
- OCPBUGS-3278 - Shouldn’t need to put host data in platform baremetal section in installconfig
- OCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation
- OCPBUGS-3283 - remove unnecessary RBAC in KCM
- OCPBUGS-3292 - DaemonSet “/openshift-network-diagnostics/network-check-target” is not available
- OCPBUGS-3314 - ‘gitlab.secretReference’ disappears when the buildconfig is edited on ?From View?
- OCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list
- OCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset
- OCPBUGS-3331 - Update dependencies in CMO release 4.13
- OCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model
- OCPBUGS-3337 - revert “force cert rotation every couple days for development” in 4.12
- OCPBUGS-3338 - Environment cannot find Python
- OCPBUGS-3358 - Revert BUILD-407
- OCPBUGS-3372 - error message is too generic when creating a silence with end time before start
- OCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on “Observe -> Targets” page
- OCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths
- OCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments
- OCPBUGS-3382 - Unable to configure cluster-wide proxy
- OCPBUGS-3391 - seccomp profile unshare.json missing from nodes
- OCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving.
- OCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP
- OCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true
- OCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready
- OCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set
- OCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory
- OCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected
- OCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later
- OCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13
- OCPBUGS-3933 - Fails to deprovision cluster when swift omits ‘content-type’
- OCPBUGS-3945 - Handle 0600 kubeconfig
- OCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load
- OCPBUGS-3960 - Use kernel-rt from ose repo
- OCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
- OCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue.
- OCPBUGS-3974 - CIRO panics when suspended flag is nil
- OCPBUGS-3975 - “Failed to open directory, disabling udev device properties” in node-exporter logs
- OCPBUGS-3978 - AWS EBS CSI driver operator is degraded without “CSISnapshot” capability
- OCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets
- OCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml
- OCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass
- OCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks
- OCPBUGS-4000 - fix operator naming convention
- OCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated
- OCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu
- OCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed
- OCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret
- OCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface
- OCPBUGS-4252 - Node Terminal tab results in error
- OCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather
- OCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues
- OCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues
- OCPBUGS-4280 - Return 0 when `oc import-image` failed
- OCPBUGS-4282 - [IR-269]Can’t pull sub-manifest image using imagestream of manifest list
- OCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
- OCPBUGS-4293 - Specify resources.requests for operator pod
- OCPBUGS-4298 - Specify resources.requests for operator pod
- OCPBUGS-4302 - Specify resources.requests for operator pod
- OCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3
- OCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size
- OCPBUGS-4328 - Update installer images to be consistent with ART
- OCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars
- OCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely
- OCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console
- OCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2
- OCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full
- OCPBUGS-4367 - Debug log messages missing from output and Info messages malformed
- OCPBUGS-4377 - Service name search ability while creating the Route from console
- OCPBUGS-4401 - limit cluster-policy-controller RBAC permissions
- OCPBUGS-6893 - Dev console doesn’t finish loading for users with limited access
- OCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail
- OCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService
- OCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch
- OCPBUGS-6945 - OS Release reports incorrect version ID
- OCPBUGS-6953 - ovnkube-master panic nil deref
- OCPBUGS-6955 - panic in an ovnkube-master pod
- OCPBUGS-6962 - ‘agent_installer’ invoker not showing up in telemetry
- OCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs
- OCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1
- OCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed
- OCPBUGS-7031 - Pipelines repository list and creation form doesn’t show Tech Preview status
- OCPBUGS-7090 - Add to navigation button in search result does nothing
- OCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation
- OCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info
- OCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up
- OCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator
- OCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly
- OCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states
- OCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic
- OCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend
- OCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting
- OCPBUGS-4110 - Form footer buttons are misaligned in web terminal form
- OCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes
- OCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
- OCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay
- OCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change
- OCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured
- OCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token
- OCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal
- OCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text
- OCPBUGS-4207 - Remove debug level logging on openshift-config-operator
- OCPBUGS-4219 - Add runbook link to PrometheusRuleFailures
- OCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
- OCPBUGS-4232 - CNCC: Wrong log format for Azure locking
- OCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api
- OCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator
- OCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator
- OCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator
- OCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator
- OCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry
- OCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering
- OCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration
- OCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS
- OCPBUGS-10298 - TenantID is ignored in some cases
- OCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap
- OCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire
- OCPBUGS-10404 - Workload annotation missing from deployments
- OCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI
- OCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter.
- OCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error
- OCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials
- OCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata
- OCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint
- OCPBUGS-10597 - The agent-tui shows again during the installation
- OCPBUGS-10679 - Show type of sample on the samples view
- OCPBUGS-10710 - Metal virtual media job permafails during early bootstrap
- OCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3
- OCPBUGS-10739 - [4.13] Bootimage bump tracker
- OCPBUGS-10744 - [4.13] EgressFirewall status disappeared
- OCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13
- OCPBUGS-10771 - upgrade test failure with “Cluster operator control-plane-machine-set is not available”
- OCPBUGS-10773 - TestNewAppRun unit test failing
- OCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group
- OCPBUGS-10799 - Network policy perf improvements
- OCPBUGS-10826 - RHEL 9.2 doesn’t contain the `kernel-abi-whitelists` package.
- OCPBUGS-10907 - move to rhel9 in DTK for 4.13
- OCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release
- OCPBUGS-1665 - Scorecard failed because of the request of PodSecurity
- OCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout
- OCPBUGS-5939 - revert “force cert rotation every couple days for development” in 4.13
- OCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease
- OCPBUGS-7354 - Installation failed on Azure SDN as network is degraded
- OCPBUGS-8086 - Visual issues with listing items
- OCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint
- OCPBUGS-8511 - [4.13+ ONLY] Don’t use port 80 in bootstrap IPI bare metal
- OCPBUGS-8710 - [4.13] don’t enforce PSa in 4.13
- OCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change
- OCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview
- OCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
- OCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump
- OCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines
- OCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release
- OCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning
- OCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found
- OCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector
- OCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool.
- OCPBUGS-10793 - Ignore device list missing in Node Exporter
- OCPBUGS-10796 - [4.13] Egress firewall is not retried on error
- OCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall
- OCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable
- OCPBUGS-10833 - update the default pipelineRun template name
- OCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process
- OCPBUGS-10873 - OVN to OVN-H migration seems broken
- OCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image
- OCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly
- OCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
- OCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records
- OCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately
- OCPBUGS-10953 - ovnkube-node does not close up correctly
- OCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways
- OCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap
- OCPBUGS-10965 - The network-tools image stream is missing in the cluster samples
- OCPBUGS-10990 - EgressIP doesn’t work in GCP XPN cluster
- OCPBUGS-11055 - APIServer service isn’t selected correctly for PublicAndPrivate cluster when external-dns is not configured
- OCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted
- OCPBUGS-7785 - migrate to using Lease for leader election
- OCPBUGS-9338 - editor toggle radio input doesn’t have distinguishable attributes
- OCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
- OCPBUGS-10892 - Passwords printed in log messages
- OCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc.
- OCPBUGS-10929 - Kube 1.26 for ovn-k
- OCPBUGS-10989 - Agent create sub-command is returning fatal error
- OCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group
- OCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder
- OCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update
- OCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before
- OCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating
- OCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours
- OCPBUGS-11040 - --container-runtime is being removed in k8s 1.27
- OCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region
- OCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI
- OCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8
- OCPBUGS-11213 - BMH moves to deleting before all finalizers are processed
- OCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules
- OCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes
- OCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert
- OCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node
- OCPBUGS-11333 - startupProbe for UWM prometheus is still 15m
- OCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
- OCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
- OCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label
- OCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile
- OCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName
- OCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN
- OCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades
- OCPBUGS-11460 - CPMS doesn’t always generate configurations for AWS
- OCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address
- OCPBUGS-11469 - [release4.13] “exclude bundles with `olm.deprecated` property when rendering” not backport
- OCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF
- OCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART
- OCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename
- OCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400
- OCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector
- OCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl
- OCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART
- OCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails
- OCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn’t be allowed
- OCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART
- OCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs
- OCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend
- OCPBUGS-7563 - vSphere install can’t complete with out-of-tree CCM
- OCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
- OCPBUGS-8699 - Metal IPI Install Rate Below 90%
- OCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod
- OCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly
- OCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing
- OCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip
- OCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers
- OCPBUGS-11307 - Egress firewall node selector test missing
- OCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation "k8s.v1.cni.cncf.io/networks-status", should be “k8s.v1.cni.cncf.io/network-status”
- OCPBUGS-11506 - CPMS e2e periodics tests timeout failures
- OCPBUGS-11510 - Setting cpu-quota.crio.io to `disable` with crun causes container creation to fail
- OCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO
- OCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift
- OCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92
- OCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image
- OCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS
- OCPBUGS-11669 - Bump to kubernetes 1.26.3
- OCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe
- OCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools
- OCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes
- OCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update
- OCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9
- OCPBUGS-10249 - PollConsoleUpdates won’t fire toast if one or more manifests errors when plugins change
- OCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains
- OCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo
- OCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn’t work in dualstack cluster
- OCPBUGS-11107 - Alerts display incorrect source when adding external alert sources
- OCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel
- OCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page
- OCPBUGS-11390 - Service Binding Operator installation fails: “A subscription for this operator already exists in namespace …”
- OCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount
- OCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?
- OCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO
- OCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9
- OCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default
- OCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script
- OCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART
- OCPBUGS-11789 - [4.13] Bootimage bump tracker
- OCPBUGS-11823 - [Reliability]kube-apiserver’s memory usage keep increasing to max 3GB in 7 days
- OCPBUGS-11848 - PtpOperatorsConfig not applying correctly
- OCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop
- OCPBUGS-11908 - Got the `file exists` error when different digest direct to the same tag
- OCPBUGS-11917 - the warn message won’t disappear in co/node-tuning when scale down machineset
- OCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks
- OCPBUGS-11968 - Instance shouldn’t be moved back from f to a
- OCPBUGS-12198 - create hosted cluster failed with aws s3 access issue
- OCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]
- OCPBUGS-3931 - When all extensions are installed, “libkadm5” rpm package is duplicated in the `rpm -q` command
- OCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13
- OCPBUGS-8243 - [release 4.13] Gather Monitoring pods’ Persistent Volumes
- OCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy
- OCPBUGS-10832 - Edit Deployment (and DC) form doesn’t enable Save button when changing strategy type
- OCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced
- OCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured
- OCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially
- OCPBUGS-11919 - Console metrics could have a high cardinality (4.13)
- OCPBUGS-11985 - [4.13] Ironic inspector service should be proxied
- OCPBUGS-12172 - Users don’t know what type of resource is being created by Import from Git or Deploy Image flows
- OCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2
- OCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack
- OCPBUGS-12225 - Add new OCP 4.13 storage admission plugin
- OCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid
- OCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator
- OCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests
- OCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time
- OCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores
- OCPBUGS-12698 - redfish-virtualmedia mount not working
- OCPBUGS-12703 - redfish-virtualmedia mount not working
- OCPBUGS-12737 - Multus admission controller must have “hypershift.openshift.io/release-image” annotation when CNO is managed by Hypershift
- OCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing
- OCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s
- OCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror
- OCPBUGS-10811 - Missing vCenter build number in telemetry
- OCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted
- OCPBUGS-11218 - “pipelines-as-code-pipelinerun-go” configMap is not been used for the Go repository
- OCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled
- OCPBUGS-11799 - [4.13] Bootimage bump tracker
- OCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted
- OCPBUGS-11955 - NTP config not applied
- OCPBUGS-12186 - Pipeline doesn’t render correctly when displayed but looks fine in edit mode
- OCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected
- OCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set
- OCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named
- OCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host
- OCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
- OCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting
- OCPBUGS-12854 - `cluster-reader` role cannot access “k8s.ovn.org” API Group resources
- OCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack
- OCPBUGS-12865 - Kubernetes-NMState CI is perma-failing
- OCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode
- OCPBUGS-12999 - Backport owners through 4.13, 4.12
- OCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
- OCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]
- OCPBUGS-13076 - Load balancers/ Ingress controller removal race condition
- OCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied
- OCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN
- OCPBUGS-13057 - ppc64le releases don’t install because ovs fails to start (invalid permissions)
- OCPBUGS-13071 - CI fails on TestClientTLS
- OCPBUGS-13072 - Capture tests don’t work in OVNK
- OCPBUGS-13157 - CI fails on TestRouterCompressionOperation
- OCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies
- OCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json
- OCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2
CVEs
- CVE-2021-4235
- CVE-2021-4238
- CVE-2021-20329
- CVE-2021-38561
- CVE-2021-43519
- CVE-2021-44964
- CVE-2022-1271
- CVE-2022-1586
- CVE-2022-1587
- CVE-2022-1785
- CVE-2022-1897
- CVE-2022-1927
- CVE-2022-2509
- CVE-2022-2990
- CVE-2022-3080
- CVE-2022-3259
- CVE-2022-4203
- CVE-2022-4304
- CVE-2022-4450
- CVE-2022-21698
- CVE-2022-23525
- CVE-2022-23526
- CVE-2022-26280
- CVE-2022-27191
- CVE-2022-29154
- CVE-2022-29824
- CVE-2022-34903
- CVE-2022-38023
- CVE-2022-38177
- CVE-2022-38178
- CVE-2022-40674
- CVE-2022-41316
- CVE-2022-41717
- CVE-2022-41721
- CVE-2022-41723
- CVE-2022-41724
- CVE-2022-41725
- CVE-2022-42010
- CVE-2022-42011
- CVE-2022-42012
- CVE-2022-42898
- CVE-2022-42919
- CVE-2022-46146
- CVE-2022-47629
- CVE-2023-0056
- CVE-2023-0215
- CVE-2023-0216
- CVE-2023-0217
- CVE-2023-0229
- CVE-2023-0286
- CVE-2023-0361
- CVE-2023-0401
- CVE-2023-0620
- CVE-2023-0665
- CVE-2023-0778
- CVE-2023-25000
- CVE-2023-25165
- CVE-2023-25173
- CVE-2023-25577
- CVE-2023-25725
- CVE-2023-25809
- CVE-2023-27561
- CVE-2023-28642
- CVE-2023-30570
- CVE-2023-30841
References
- https://access.redhat.com/security/updates/classification/#important
- https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
aarch64
openshift4/cloud-network-config-controller-rhel8@sha256:852e868322d78354e0e3497bd90e71b5e12bffdff2b0197c1c5779c5c068272d
openshift4/driver-toolkit-rhel9@sha256:9d19bba25f4b598774e7a8bde385e26d40760a6e2e07e4882d1c8541c981ceba
openshift4/egress-router-cni-rhel8@sha256:4d282ea8837b4c8da08af1a0f53cc4cf01cee5be5df7a19ae059600cbe283180
openshift4/kubevirt-csi-driver-rhel8@sha256:a1bfc274eb04718a68e3bf6bd47aef37207d68608432732a3642614124334f62
openshift4/network-tools-rhel8@sha256:192eff7fbedb953f35743cbb77412a3e14d3051304c0fcd1536c8ef077e29d50
openshift4/openshift-route-controller-manager-rhel8@sha256:0b325e6dcc24bb1ad8ab57bc35bd970070d4c1143d0af4ead2728ac2e0d158bb
openshift4/ose-agent-installer-api-server-rhel8@sha256:0a1f7a9357bf2408e2efd598952f314158e7fac1703f055b4dc614e562c508d2
openshift4/ose-agent-installer-csr-approver-rhel8@sha256:6771fb1c9c94a08230ab197e245cc67002fdbb51c9bee29c3cca0d677eac8d75
openshift4/ose-agent-installer-node-agent-rhel8@sha256:f25dc567ec40bdc73c9b52c54fff2855d5549ad99bc9f0272d2d5437b7ea26e5
openshift4/ose-agent-installer-orchestrator-rhel8@sha256:99519192b7188b7c5b2f441ffe50a86e80be1a9eaad22a9bff5374f9d317df11
openshift4/ose-apiserver-network-proxy-rhel8@sha256:ca09842b15ded3a150f55d04fb814f60b4606df83249c26dececab9a05bf69e5
openshift4/ose-aws-cloud-controller-manager-rhel8@sha256:3fc23836edfb89ed330f4d40a3fb19ce76c3df103e04ccd58bf9cadbe12cd5ab
openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:831e824f20ef074c94fca3865121317d15eefa4c5a6854eec7c99bdbb6e02ed6
openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:c7295b7697e66f2d5b5fa9e52ef6ea86f1d8b6424d181f87891b3a15838cfffe
openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:6d1031ad6066cb14c633dda8430bd510ef975d15ff58aa9b4b24f0044ea290e3
openshift4/ose-aws-pod-identity-webhook-rhel8@sha256:8360de0f011b556605ae7f6f351ba014d94d8225959d473728ef5673c3f03723
openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:f23e26e252fbab5cdc9d65ca3fe70571b67136cb83e00f7c783e4c6e7ecc6f74
openshift4/ose-azure-cloud-node-manager-rhel8@sha256:028055325ba4f06080c5f5ce46530322f6b506a27345790597303070740a1b58
openshift4/ose-azure-cluster-api-controllers-rhel8@sha256:4d725c0d0db2d08eeb5897a0ce9a1259d0253bc1a828fe9765ab950d9e59ef0f
openshift4/ose-azure-disk-csi-driver-rhel8@sha256:4377791e550e1b01252f6fa7fab3a2927703881b539d62ba560354d977f8585e
openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:e148e7c3cd91206c711a8f36cbd47b61c9b27bf800de8bfa5c4267cfb33cf311
openshift4/ose-azure-file-csi-driver-operator-rhel8@sha256:fbb4bdc85afdcde91f7d2464dedad4bd396efe2cff9c0d7196964b92ab52ba76
openshift4/ose-azure-file-csi-driver-rhel8@sha256:b683ccf644f13e48a57774eeb49fef5aab2b36c94cfaa96b15639b75f34ccfcf
openshift4/ose-baremetal-installer-rhel8@sha256:22501024cd69576840c29807de4e93beb3c5881c2bda6876e8544ee1f05d37a0
openshift4/ose-baremetal-machine-controllers@sha256:eb4350007f8602ae1217a1ab7f861dc1a79ec79f097c1fa34073c9de2371c41f
openshift4/ose-baremetal-rhel8-operator@sha256:4ed43e1856c74a57178c63cc80ff587ca2e045dfe71825363f7eca5963b847cc
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:86e679e7706b5443232a27ca44501b2a2506832626c212a2c294037df608c609
openshift4/ose-cli@sha256:25b1bb086a4eee276897911075a9034ddbf44d2ccce39c3c4b79cc59bfb6f226
openshift4/ose-cli-artifacts@sha256:1cd191d47fa0d142f7275c8afe84aea4317f8e68beabade893a31251085e7c6d
openshift4/ose-cloud-credential-operator@sha256:4c6d0b298a89d99a6eb2ff8b5c70f7b2b5d1c2c82763be8441315292c32c3f8c
openshift4/ose-cluster-api-rhel8@sha256:9efd2cb9e7768082dae484f7589ba9dce7bd14cbecf81afd3ed2ad8842128a61
openshift4/ose-cluster-authentication-operator@sha256:56e56a48966e3c1b432ecd70a8ef2c25f5d200552f264d9c80d2bb66b5bf8390
openshift4/ose-cluster-autoscaler@sha256:17b03b016e526c42ff4eb3f3f479f0f2fa2f2cc12befa1699ba954fc109c8169
openshift4/ose-cluster-autoscaler-operator@sha256:60b2020165e10c0fbc701e8806643fd351ad467cebbcb26d19895dc554024182
openshift4/ose-cluster-baremetal-operator-rhel8@sha256:ca4c74e0d7732cbb6ac26eafce335dc3ff203072d8bf31da5cf07eccc61c6eaf
openshift4/ose-cluster-bootstrap@sha256:8c83a118c77b5b26669a737fa444a8615d28ac2fce52a8cbb9c3df38f5c95d50
openshift4/ose-cluster-capi-rhel8-operator@sha256:c436cbbc286a02458ec6b4e1f155f4a6cb247c594be8e6624be26d682634478c
openshift4/ose-cluster-capi-operator-container-rhel8@sha256:c436cbbc286a02458ec6b4e1f155f4a6cb247c594be8e6624be26d682634478c
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:8479583b74c6e7918c9462a4bf72876654acec081730d5715d775ab2a4441d56
openshift4/ose-cluster-config-operator@sha256:04c5ed46007fbcee23cc61a845d960e97d576987b74b519d89cdace43b3c162e
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:0d5c4bdf38c544b8f97295d90f0fa5e189660a591f0be13cb660850d87a8d753
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:ed0a57db2199521536df36fa0b2a8971b520e5837f719284b94b42550c8c2525
openshift4/ose-cluster-dns-operator@sha256:be382c78347974c79a671cb799fd1f97b3d9a66db6b46701bef583e0d78ba998
openshift4/ose-cluster-etcd-rhel8-operator@sha256:100bef23844d5282bc12546791be4ac4584164bff988f9313098aa67220d7320
openshift4/ose-cluster-image-registry-operator@sha256:33a692b5b4d7a911b251fa972035b61ae596d94dbd3eb70f0c799ca20511cb09
openshift4/ose-cluster-ingress-operator@sha256:fcc7dcd674aef6d126b5337a76bfa07d805566fd859c1fd86b584a87aa736816
openshift4/ose-cluster-kube-apiserver-operator@sha256:d8f0b6950d77b75fbc6ffbe29577d37164140f64db5bb06a35bed82b26a6d847
openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:4b43285fc5d6b1fea9122fc72cd9e390caac963d9b2deb8fd29fc0b658b82335
openshift4/ose-cluster-kube-controller-manager-operator@sha256:027626a270fd0e1d2755d85b03c258db2d2995a01cdfe339a76d55b108b72660
openshift4/ose-cluster-kube-scheduler-operator@sha256:0fac91fa7e7f34045ef3e2e30c8858e95b35347fa1e543216a1193bf766dd1bb
openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:ada825c222cae94b3bdbf9585b63f13cd345ccc6f5aef49bb4b8131e0f63f460
openshift4/ose-cluster-machine-approver@sha256:af7247e6431e6e407a2134b6f69c796ec2b9bf2a717a20fb9375b91fbaff6c3f
openshift4/ose-cluster-monitoring-operator@sha256:fcf5705a01366613063d135ce444003eea6b2497d60a92ad9f04b4f84f03cc77
openshift4/ose-cluster-network-operator@sha256:b3823eee4676f32b73957e571129668fd536e32df1685392af19dce7ca1a3c6c
openshift4/ose-cluster-node-tuning-operator@sha256:bd4a1c6fdef3938df4532d4d77175d4ac172d266d7fef144c5301eb4816537d7
openshift4/ose-cluster-openshift-apiserver-operator@sha256:93cdca9929c9ce4a8510e1954c398e6de707cc0df41cf224775253369744e7c5
openshift4/ose-cluster-openshift-controller-manager-operator@sha256:9897224124ac0b719e09da3d3b487b2bde20aeba38bd7b50d90b0772b7445a67
openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:39263a5f488ff5eb6c426ada596aa8817861e06e854204e506e2b3f1c7d5da58
openshift4/ose-cluster-policy-controller-rhel8@sha256:485bf41406e6d107189c0dd2d80e16c236924bbd2e3db64f1158fd6907c74624
openshift4/ose-cluster-samples-operator@sha256:753cb4d4f88bb187c10db285dee44846080c3b226aa0209ccefe000eedd4dab0
openshift4/ose-cluster-storage-operator@sha256:5ad7125fe152082687a2df3b68223dbbd606920d1676edc90aa9843a63c5bd5a
openshift4/ose-cluster-update-keys@sha256:13351d5c0442016b21ecade9ab7161c46c0e89ad922f85ebbc4ae3174930f41e
openshift4/ose-cluster-version-operator@sha256:bc60e733cc05a708251117152c22a96df7468fa7bd1c2ec6400d41d88b4f6f67
openshift4/ose-configmap-reloader@sha256:22f9cc3526b441d8338d5a239238c5d11dd8a69be1b3e5ab93b6e8dabb0d5461
openshift4/ose-console@sha256:83549a88b49572d1bea73b2667bfae825919fd4e64506bd9ac17bef5a81aff1a
openshift4/ose-console-operator@sha256:f6d30b6c618d381e9924c06d1bdeb204ac70c9e6b500d85daba243931319920e
openshift4/ose-container-networking-plugins-rhel8@sha256:0c817a5e8ad4279dc3e51490b31c223a7132820bb878e7c3e8e53cfd9d7b0dc1
openshift4/ose-coredns@sha256:12a7b9e5d6bb21667dcf8e87435f32e3249e8c519793b6e7909e61cd3878c47c
openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:11b3089f14f234e92b41d2f56ad41ccf181b2d0305030209527dc3dbf554c872
openshift4/ose-csi-driver-shared-resource-rhel8@sha256:05fe1f75b165dddaa8954d0c186b0bbb85a0c2ad847d89f4aacdfdcbdb149e8f
openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:46f3899c5ca91904dce3e31afbb4ae8c730a6cd4236b7ffe69adff7ac725cf52
openshift4/ose-csi-external-attacher-rhel8@sha256:748c4e8b7f3a4cd37055d33e8fcb52a198142f814d4c8711be10ee0f5b675a70
openshift4/ose-csi-external-attacher@sha256:748c4e8b7f3a4cd37055d33e8fcb52a198142f814d4c8711be10ee0f5b675a70
openshift4/ose-csi-snapshot-controller-rhel8@sha256:2e5b2f99b0d02d9f0847e50f4d015ccafb807cec1e9fe1c6ed2f4e0d7b76996f
openshift4/ose-csi-snapshot-controller@sha256:2e5b2f99b0d02d9f0847e50f4d015ccafb807cec1e9fe1c6ed2f4e0d7b76996f
openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:14f36812918a7f877a5c37d01a95302b6ddf9a495f8b8d88b354d8f9ed12a407
openshift4/ose-deployer@sha256:f3a026a278d2c50c1c16462cde5cbf7434d8f0b8a6c15095d59f95ccccf0ef69
openshift4/ose-docker-builder@sha256:41b4a1badf7931ce0f91af5c8f8c7889510d2a3796e1ae356f7410e730277ecc
openshift4/ose-docker-registry@sha256:33170afea53cef29cf46b79b0464536be0728109f28a8dd812bed6f701877e79
openshift4/ose-etcd@sha256:8ad832ece10736479d11a6fa263f52b591b828ece96a5c793c5db8674edf7036
openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:3b9b2aa7ae230e9de2727fe564744486779d86dc72d6d3ff278efd607d40fba4
openshift4/ose-gcp-cluster-api-controllers-rhel8@sha256:9bfeb19558e1e9a8e42ceeb8bcdd2f643809de6a522804319b064fec0684c91f
openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:0d3edde51ba952d8b36b9931c232875d735ce622f776ef96fc170403c13cc37d
openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:f0e1841ac7b6241ea93d9abe3e17c61eceb34eaef6215d6092dac5faf801fe9c
openshift4/ose-haproxy-router@sha256:c74f1267e481b9d2838288a0c4c0d56d7326be3791d0de8fe5cb0c30bc83527e
openshift4/ose-hyperkube@sha256:5f6b3c44643cfcff527831243546a2a6ec0d54488f9006254b36647b2ec69e01
openshift4/ose-hypershift-rhel8@sha256:539bea1dc1c786b1ef30131312eb6a3b8d0eded513b2a4ce22aedd99a61a48ee
openshift4/ose-image-customization-controller-rhel8@sha256:2a0f4da4d84a3c13154a3f09962faaed8e7cb25cbef47c7c494185e41e08e74d
openshift4/ose-insights-rhel8-operator@sha256:273ff7dc0606c42870fafc252e1ac663a60d181e8677fb8176f5a1faf6449bb4
openshift4/ose-installer@sha256:36e94a66e2c4e1fd18a439ed76255cfd1da825d5cfcd8ab02c00ec43558a5ec7
openshift4/ose-installer-artifacts@sha256:6ba002516ea36e485c6b5ca456669e301ea91ac638e215226f82d6861e3cd971
openshift4/ose-ironic-agent-rhel9@sha256:7856cfa1c8455daa0a4fbc04526c3bc64acaac3c7bd37ab060bf81800623bba7
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:f905ec4992a48a90530f4ea39a2385ff181d99601cfe015b6f828b82f63b4670
openshift4/ose-ironic-rhel9@sha256:a2f1aef94cb8945a7fe74de89acac1020a168159e833e0a89ce74de08a51c6a6
openshift4/ose-ironic-static-ip-manager-rhel9@sha256:1e89eb45146bceee3c159615e205123b4db18e4b89e881c13dde7f8cc01b116f
openshift4/ose-k8s-prometheus-adapter@sha256:1ecb6f176508db730a05dbf15e53808149150f67ec8209a81f3a12e65fbaceb1
openshift4/ose-keepalived-ipfailover@sha256:cafd39ac49ac5de406410f45573aa0b63928213dbdc924312ee8368710655851
openshift4/ose-kube-proxy@sha256:92bc297556910b7ebc3d27b737e600d1a9ac61829c310d99950a24cdc5fdd3d8
openshift4/ose-kube-state-metrics@sha256:bdf997e2022edf50998ba5e1696e8db819bf1608250db2652037018dc1bcb433
openshift4/ose-kube-storage-version-migrator-rhel8@sha256:9ea87dbedd3e64b45eb342408aaccfdca3b0db24c4b036ddaac24f3f2434192c
openshift4/ose-kubevirt-cloud-controller-manager-rhel8@sha256:20093f877fd764c544092ee8fcd69186856d582379eb808cd8da144776bb5c85
openshift4/ose-libvirt-machine-controllers@sha256:b9e1ae9b400fbce8d125489318c56ed19600454b728db9244da327443db7e529
openshift4/ose-machine-api-operator@sha256:7350cd21c932eb43b9c3f67030eb0ffcb825fe1f58fc65d26de25b0a6492de7a
openshift4/ose-machine-api-provider-aws-rhel8@sha256:88ae125fcc4f11062af1fff4eb3468ca976b65c4c9615ebb40c081a73d162d70
openshift4/ose-machine-api-provider-azure-rhel8@sha256:6c4089836117f49b9b48cbc8246efd56e442bc92eb93b1469adcd3997e4f854a
openshift4/ose-machine-api-provider-gcp-rhel8@sha256:f6b41988b6d91dc784a6abc5d7d728e50799a61a63a481f0d37c93db3236d4f3
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:1c12e8c462b45fa99678571e451bdd26ebb714b2013887ce3dd50c2b97c10f94
openshift4/ose-machine-config-operator@sha256:9b01898fa7d9d711b4e7a4a07b073fd530828a33f0e4be57e80163bfb09bea39
openshift4/ose-machine-os-images-rhel8@sha256:a33ff33da8ef4240024a926e658714738585a3e8fdf8227143d0248c13637442
openshift4/ose-multus-admission-controller@sha256:1b8a127faf65ae1d538342b2528346a4ec26c161608133db15cd035bedee3bd2
openshift4/ose-multus-cni@sha256:71c4e5085954ef386df5fb4a17732083855965bb51e1d77b6eb0911abe3cc2e8
openshift4/ose-multus-networkpolicy-rhel8@sha256:5c03656f21bb26955d949e684c18409dac74b76347c638d8496a1beb23212d7c
openshift4/ose-multus-route-override-cni-rhel8@sha256:a3cf2a6f33a91ce302fbca1326d34fd52f879b40ca189c8c21f0c3315d074bc6
openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:70ce845461c2d847e7115da860970e40265f9c00c62b95a920d7ab21dd189a0f
openshift4/ose-must-gather@sha256:c5403b9f0589da222959befac917b116c4218938568bf2d71fd4358c2e3595ad
openshift4/ose-network-interface-bond-cni-rhel8@sha256:f06c1d761097a45be785c8cf5cc0cb20e1ecd6ba7f9cf854dedfb37caf7b3fdc
openshift4/ose-network-metrics-daemon-rhel8@sha256:4371cd803a293751fb7baf376a74bd86e1b0ecfe6c5c3f947e3ef43b08916cee
openshift4/ose-oauth-apiserver-rhel8@sha256:1b9280f0471ae2f42ee32a75eceef2286108b30e98c1a3fa8c2069b96753f9c0
openshift4/ose-oauth-proxy@sha256:183fe4495582938808d201a6b055ee710bc2486f2f1dbc1e61f160aeca4c19b3
openshift4/ose-oauth-server-rhel8@sha256:402397a763b3cf9bfb63d6d5ab6471b8ce79929d1ce4bd7866e7fef6880f3602
openshift4/ose-olm-rukpak-rhel8@sha256:619552fd7900d4f621d5cdf220d63222b6a65710ca7e6efd86a323d7977cd553
openshift4/ose-openshift-apiserver-rhel8@sha256:fcb4d966f5a74a52cfecd3a12e652f49fd77e55ec8b32aa5fe5547a9a1e5eafe
openshift4/ose-openshift-controller-manager-rhel8@sha256:e6877c6a94b5aa6d9ce50390b0944c7b1c4bd4a1c85364432a9a733d0c769469
openshift4/ose-openshift-state-metrics-rhel8@sha256:a7030fd2a1aaf3164bad32fc8f07d9f0054ad4e31608cf1c3619a3bd2ffef882
openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:8e1db0759cba1d08898ad47dc6c1d6a22951dc48f376d8821920f904275c2116
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:47a21efb6985d289cfdc82c56f04d1b498fa6b33d6768300879567e697906352
openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:092b6d96f26e7908c00c0ae2942318c7d62b7e994937765457ce10041b14cb86
openshift4/ose-openstack-machine-controllers@sha256:9a651c3bb15492e20e73ca1b5283b4c75c700a14d54b7e1cad32a871f09c1ec3
openshift4/ose-operator-lifecycle-manager@sha256:c91f37e007673816047064afff7007fde10e543031284fb71a86e0c3b1a383f2
openshift4/ose-operator-marketplace@sha256:55df08e1b87b1df997a19a6f870e42a55ea424718665952d3e4a718f57831f12
openshift4/ose-operator-registry@sha256:2d7f3e0566682836a66df177a3df590a4fb97283bf00376e578b01247d94a0fc
openshift4/ose-ovirt-machine-controllers-rhel8@sha256:8b70ed7f976219d30a667f545cf7339b207f2b0330cd84893aab82b786e5e258
openshift4/ose-ovn-kubernetes@sha256:00dfd5d2a46120d77cbd5b41d7bb23db534b711f91e7224d676c90efbc4ca949
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:c34822f641c382dc43e53cb939b32174f14b90d18d3ab191114b9a8af7a6d064
openshift4/ose-pod@sha256:d2a89b27563e268eb3c5a16ff555fba061a9904abe5d65f5a39312e816a01776
openshift4/ose-prom-label-proxy@sha256:ff54a07c38c111de0198e3280ef560781eb1dc094c09bc62f8e3d35ebee4a645
openshift4/ose-prometheus@sha256:bd86a5791216a965c8e94a1793403009b3c80ad75ac652d706eb50e50ea53cd1
openshift4/ose-prometheus-alertmanager@sha256:24c27ee8a4da4bc7990122a862991621ae985f60f0c33e4145f52b895b28a32a
openshift4/ose-prometheus-config-reloader@sha256:1fd4265a7c6ae48a316e205a770103d6c7edb4140acfe40854e1bd34b0932e07
openshift4/ose-prometheus-node-exporter@sha256:7a8c0c1aa0577f34537f200fea438e8a82f7afe55115ce2da40d0d30429c2578
openshift4/ose-prometheus-operator@sha256:4822cc0eb4f01634ceef84cb3a7b52d59485c40fc604545390e577371640b857
openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:595c1a67c5ab0a1b88acc6c889a9f083384151fc3cb58263f2324e3fc19f1815
openshift4/ose-sdn-rhel8@sha256:6b4874879777d17e54fad539be97cd1a5f20002061385c7cf45e40179ded1269
openshift4/ose-service-ca-operator@sha256:a89e4c39eeba38f2f48f8d40fd6cfbf3d2c407d1f6d9ea00be9e1456524e488a
openshift4/ose-telemeter@sha256:2fcf371dce12877facba0c48d768c6c6bb343cc3eea06ca8270199285e279292
openshift4/ose-tests@sha256:4793c34cad0af89f4576a75b3bca212fe6fab295fb1e014a7c59044d1ba0ec55
openshift4/ose-thanos-rhel8@sha256:9f32c356b85c2b798a74d4f35fb2a1af0ddf55136cb8f7659261f38df75af67a
openshift4/ose-tools-rhel8@sha256:12d1cf37f2e1069f847eae7d2a7b078de6c9b374025c02eaac21dffbd75adfbe
openshift4/ovirt-csi-driver-rhel8@sha256:41185d1997bbbe2dacb0c9a35e871726153de35cbe429f4b8277fd82ef894cad
openshift4/ovirt-csi-driver-rhel7@sha256:41185d1997bbbe2dacb0c9a35e871726153de35cbe429f4b8277fd82ef894cad
openshift4/ovirt-csi-driver-rhel8-operator@sha256:53c1c5178e539fdc34584b5c15f2e313544c5fba9db06878f62728c4de50117f
ppc64le
openshift4/cloud-network-config-controller-rhel8@sha256:dd8921a864fd09a7125936f58dda6470941f3f3bcbff8ffc7bb8553c3bc36ba1
openshift4/driver-toolkit-rhel9@sha256:a7af1e954999da184042db8646c703030fb15b299de3a067c3d4d0880af0d389
openshift4/egress-router-cni-rhel8@sha256:60de1ecf642c5ed2c22597ade0cbc33653ec3d15282a8db5c1e9651de7e51321
openshift4/kubevirt-csi-driver-rhel8@sha256:2e64b1238f73554c80cb24dbde31c1c83a876948d41ffef7ffd89ce6954dfa31
openshift4/network-tools-rhel8@sha256:79432595b5d8ffad893dfc747348af5084e0bdeb171f4ec584e537b93841faf3
openshift4/openshift-route-controller-manager-rhel8@sha256:ac9ae0b0b9be554c02cfcd9d5f0d110c9e656c13f301585f68bc9a4745c9da38
openshift4/ose-agent-installer-api-server-rhel8@sha256:e8ea11352375a8bd53ebe8a98f18fd0d00e0d676645743d4529bc8b6fbd5d63d
openshift4/ose-agent-installer-csr-approver-rhel8@sha256:517f9fc5003e782873952600a2507fe7a30a31f5ed5f99483ebe24661ae467fe
openshift4/ose-agent-installer-node-agent-rhel8@sha256:72116ae4412e1994a553b2cea4467472449f5d359ce01dd24fd5a6c37df3bc96
openshift4/ose-agent-installer-orchestrator-rhel8@sha256:03c452de8b408158885604363e60b37df3b0e7c9c3f585892867dc494d1564c8
openshift4/ose-apiserver-network-proxy-rhel8@sha256:823af91cc063d2214feaa492b180d990a0a88d05f78974d4e3b9849d4e716461
openshift4/ose-baremetal-installer-rhel8@sha256:3065bd9d7ec5cbdc05c40fe471def91dc0fbd73dfa97d0a8c6991c878c8fd878
openshift4/ose-baremetal-machine-controllers@sha256:2fcd72355f15f196a66d8da4108f5a967a441c4e6d05465b5ee926ed39e63691
openshift4/ose-baremetal-rhel8-operator@sha256:888ef06bfc5bd622dca8c6afc142688aef863acf0c4a7d45f5bf602ca9cb6859
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:5ee131c9db147a0bcd78e22aa9e7f88aaf9f349411eb6bf94d382c001080c221
openshift4/ose-cli@sha256:6ce0f0471e768ccf3790ce66b4fc4898ebb93fcaefd207f48c8741ab5a496779
openshift4/ose-cli-artifacts@sha256:d923001af95acdbfa3131dc52d8ace38d3bb20c93c3e0ba22d8edfac30aecc9c
openshift4/ose-cloud-credential-operator@sha256:8d066d8cfc08ac32294b62ac37bee392594b99e4ff1bca11e0c3d7614cfd3a44
openshift4/ose-cluster-api-rhel8@sha256:939c322c16dada59ed02d473b01182f69fabc7aaa2a2d93b46ace9f932fdc02d
openshift4/ose-cluster-authentication-operator@sha256:13a304dce1a6f772a18dde2828e3a7aa42a9d5aa99275d1998eb18769af37af6
openshift4/ose-cluster-autoscaler@sha256:7a3acc33eec7fd10c652e200499b85d3f6eb0457bc24388a2ef67b8909c55539
openshift4/ose-cluster-autoscaler-operator@sha256:53661a96ccf76616cd6cac9eb98e72592af1d5ac621ce0426e7f7ddc6e215bdc
openshift4/ose-cluster-baremetal-operator-rhel8@sha256:8d8f36683749a4fb0aa5195769cfd935ed33d1484bf0f5f198698be1541965b2
openshift4/ose-cluster-bootstrap@sha256:7250fdf737d182b7ab7b9f3569440b03ef391eb133e969e40ecc5d5bcc65846b
openshift4/ose-cluster-capi-rhel8-operator@sha256:fce93e6795bff175d1959c3bf7b4a1eb6f2312820908ee0eabc68c2386ed295f
openshift4/ose-cluster-capi-operator-container-rhel8@sha256:fce93e6795bff175d1959c3bf7b4a1eb6f2312820908ee0eabc68c2386ed295f
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:0b86f955bf0da88a86d71b5b15d94a4db25b599359a39771aaee0c74935ddeea
openshift4/ose-cluster-config-operator@sha256:41c22bc78d7110fd38b0354f78bf4a9de68aa3af611553b447d027304ee58be1
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:48ad3d7bff55caa239689cd1d291c5ace860786c7378814cf17da7be4665921c
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:8437dee5668766aff27f44251a7a9bc6042accaa5755fad9e49902e03641c8a4
openshift4/ose-cluster-dns-operator@sha256:0ba118720feca73734608161c7a2c88c9ce818c27c959e0abf64b4746a142c1f
openshift4/ose-cluster-etcd-rhel8-operator@sha256:0229d9781a96018e0ac8aea86cc66d2d35de7765628441567192bef849d80a1f
openshift4/ose-cluster-image-registry-operator@sha256:d3711fbf8ae9bebb5efc87050b6206ccb6debdd93ee3ec5678c661acde75beb5
openshift4/ose-cluster-ingress-operator@sha256:44436b9ea6d609aa663ef9efa3b76f92c5fdc46cbe04398588aeb8c8f9f8709b
openshift4/ose-cluster-kube-apiserver-operator@sha256:7a8e9ee9a684cde959a83ba07e96ead3aee75e111c82a8250bbf8e6a3dace44e
openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:b072ae31b9618ba2a1c1862f6d67bdd617ef718c631fcffd687133ba6b40cf71
openshift4/ose-cluster-kube-controller-manager-operator@sha256:d34b0a70efb64728c16498a8d4b67f59abfb70843c57038e4844423e476de2b8
openshift4/ose-cluster-kube-scheduler-operator@sha256:6552e0c63430fb4abf181f39dae8cc21a696bd3ee60d5101011c34480900e0a6
openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:1a37d48bbc342f0a1c4e2665b5191cc90097ce23ec81a9191629f5c21cee7628
openshift4/ose-cluster-machine-approver@sha256:a602fb4bbdcada851b3f448185c03569663df75b90e4de2c0812e8a6b8b1bfe2
openshift4/ose-cluster-monitoring-operator@sha256:8c58fd80413d95fe4ea387aae21212056cb178f40c2fe42ec3f9f8656422ac37
openshift4/ose-cluster-network-operator@sha256:7b1b519c9c08370953cc648a3413f3a88782cf1353ab8082ff20a88dc7c5218a
openshift4/ose-cluster-node-tuning-operator@sha256:d241747111c0b477c6f97862bfd00c189927d7b8f8e55932ae9fd7e1e3c0e602
openshift4/ose-cluster-openshift-apiserver-operator@sha256:3684dbb73e36943c7003476eb10d8b32a084471ecb5c81ded4def5ecfc185e2c
openshift4/ose-cluster-openshift-controller-manager-operator@sha256:f4ef19de962c607ce8cf457c24f2353cc9493278ac8fc58edec1b0aa8d884fc6
openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:916b995da9f7e5c29261ca817b2a4190e48b13a47057e02229d6482d8288eaa4
openshift4/ose-cluster-policy-controller-rhel8@sha256:cd11909643e5440e7ad26e79b09962cecb016de8d0a04acf9273304b1a1b8246
openshift4/ose-cluster-samples-operator@sha256:6a09f492b8ad4dc15277d90564f6065ec6f7cc8a06e2292251318950fa6198c9
openshift4/ose-cluster-storage-operator@sha256:b1978c15a46ba935be835fa22d4f912eb26b9f1679139083d5246d27541155f7
openshift4/ose-cluster-update-keys@sha256:99e32691fdf322551fe747633b927977d504a06fff001833115b7958fc1f7f81
openshift4/ose-cluster-version-operator@sha256:8fb9fd10cbc9dc0ab23c79450fc7f4b4afbd42211ff404fa4c4af5d2da49ac0b
openshift4/ose-configmap-reloader@sha256:8a9e96e26a304088b6c9fc62396a0f57d432843872e8ea4dbf3188054e739305
openshift4/ose-console@sha256:08c09d25b72af0c650b499b622b3f508c63e4f732c6e75b381e4f62f019aaff0
openshift4/ose-console-operator@sha256:5defae6e72e80967fea7971cd8981cc7a7e352bee7d68cdbac8fe4a16d03ec6b
openshift4/ose-container-networking-plugins-rhel8@sha256:2e42445615adccedee8b544d2c338e8d93f617b23ccbd73111e406b0fb216fe5
openshift4/ose-coredns@sha256:f62af6f88e0d9fd0191cc22072f1cd424eff1ae367d247aac1cb579305e88234
openshift4/ose-csi-driver-manila-rhel8@sha256:8ec31433a9e4184ff978915e7ddc99c3435c23c5ceec5e4066d26f41baf521d3
openshift4/ose-csi-driver-manila-rhel8-operator@sha256:2fb3a1070fff3897bc0765ad2d908524cb35faec9c4b42b0d160ff84cdb482e3
openshift4/ose-csi-driver-nfs-rhel8@sha256:d483c5e0f49e59d7ab710502d20a0bf88130192ef320684e2048043dfeab17bd
openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:d41663b3425c1e137052d2b0b3f29d9cb7d2da27806856400db402cfc4f91ab3
openshift4/ose-csi-driver-shared-resource-rhel8@sha256:c9e9a92a0962624fa45477208276a538e82a79d56f7096625037e0a0ab763dc9
openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:0870de05b263ef8bfe91a8f6e769369fb48ba0996f56845d30f4c63ff066c9cc
openshift4/ose-csi-external-attacher-rhel8@sha256:54ccfb8d75401645df9c95954769b1fc75e54d83f9ffebef796862d09bab498f
openshift4/ose-csi-external-attacher@sha256:54ccfb8d75401645df9c95954769b1fc75e54d83f9ffebef796862d09bab498f
openshift4/ose-csi-snapshot-controller-rhel8@sha256:12815c8f098cb97516f169dc5aeee10c95709fa45e4ca2dd886001353dcaae15
openshift4/ose-csi-snapshot-controller@sha256:12815c8f098cb97516f169dc5aeee10c95709fa45e4ca2dd886001353dcaae15
openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:b310a6d7d7dbd33abcedcb19797295357a71cd8b20fc4b7f8bc24db34893aa70
openshift4/ose-deployer@sha256:513819800ddf9746bba8910d8f4135cbc33553300f65167452b9a9510dbe47c6
openshift4/ose-docker-builder@sha256:541db8dfdd503932f540d8a74f94c0cf1b41b4569c6e49986fd47eb6ee545fda
openshift4/ose-docker-registry@sha256:8df961ec26fde80e4d7d30d599ca03f8caa1455eda34711537592447e34bac85
openshift4/ose-etcd@sha256:6b87e740d390b74059e51a94f482812c60ac44440498931685cab5d469873fa2
openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:52ddba0ccdcfc8424aa6bde08ba1383e52eda5abb38ddc4442f427f377b1d389
openshift4/ose-gcp-cluster-api-controllers-rhel8@sha256:aeb084f97fe58123edf5473c2384a57f23b26a53a85f0ac1757e4bd28cf8e420
openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:f68c18db2fe23e52a682e5b3683bb56cef1a9a8dc9dac003215a6dee0bef4a6f
openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:3477d193ac589f56aca9fd0e9f7a0256cfbe0543253df23db6a8a160bf1f2e98
openshift4/ose-haproxy-router@sha256:1d32fc6b612da149461c0c8e8069c14e9d51484269cd7e3a31b194e291b883e0
openshift4/ose-hyperkube@sha256:6984c609c3fa8af4a0bf5e4bbe2f3d24a930567fb1a6d2e9349573b7a504b235
openshift4/ose-hypershift-rhel8@sha256:0788b029611eee47230d27ec0caff5f14d42bf1cca93b5adaf334032847c8541
openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:6a11de9c075891ac5d1bf9a6ba6075757ddbff0ff35005ce30f5fc715f9508ff
openshift4/ose-insights-rhel8-operator@sha256:5d9c3da7399421c7ba4f9b72b3a97ec743bb100d87fcfa616415db0722761cdc
openshift4/ose-installer@sha256:4b45c87aa7b2c30a14c5367daf1058afec12fed42762bb58668b8a50fa86db27
openshift4/ose-installer-artifacts@sha256:34d0551a8dd2ff12bdfb9ada8dd3d9c47bdb0873574c1bcb93bff21e29492649
openshift4/ose-k8s-prometheus-adapter@sha256:d0291044e99017c521e3834cec3ac74c2da0f05eb6d4493646d856c9a46d5379
openshift4/ose-keepalived-ipfailover@sha256:365b3ce4fbc8e725812250841d48166671653625df72acd9ce1e5e25420f021c
openshift4/ose-kube-proxy@sha256:edfe0b2c78ecb262903c2470252561ec18b44bac8c3be03bc04db54e2db14766
openshift4/ose-kube-state-metrics@sha256:8d99c1f1460e4ad26f19e31ec4020e5a8cb974a623962f66a78d745e427de5bc
openshift4/ose-kube-storage-version-migrator-rhel8@sha256:26856dc1e9bbca13818ac3d0c7aee3c2dccd3000b799a7398fefdfd567b88dbb
openshift4/ose-kubevirt-cloud-controller-manager-rhel8@sha256:20b3bbeaeab848bd8723c2be74a46f2457751685985f5d7d975e8b3b45d0ea1f
openshift4/ose-kuryr-cni-rhel8@sha256:7f448cedd784ea7f7c81a7c985867d16b9c71974bbdd101dc3dbd2fcc404ea65
openshift4/ose-kuryr-controller-rhel8@sha256:462c10601a0bad9a0efaf6673e9b1187848ac8eef4a5b3888d623100c7fdb039
openshift4/ose-libvirt-machine-controllers@sha256:2b8d29eb8b48fe095881b212eaddcb160cf6ef9525d3aeadb096139717e574d5
openshift4/ose-machine-api-operator@sha256:a110752b6744d1ed2997b897ac4cd22c8cbf7ac12379211ce3d24bf1c824070e
openshift4/ose-machine-api-provider-gcp-rhel8@sha256:b5e59a239c9866a74817e0a2342f8d00de487e29ad1586492181b2ac177b5497
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:22f2ba749cb47353d6033d30e0e3f3894dfc156e08138aecedf8ed99e4108fa0
openshift4/ose-machine-config-operator@sha256:f974f79354e4e81afc562d14f1e863321b4ccf393af4df63deef28dd5f5406d4
openshift4/ose-machine-os-images-rhel8@sha256:ca04788e1e8a33e49f373dae3b23f058e5851fd366f64d03e5d236f3aebf3267
openshift4/ose-multus-admission-controller@sha256:831ec1d561886578321a1d27b516f7f409f6fdd9af41cf00a714202dfdcc1d4f
openshift4/ose-multus-cni@sha256:5a241d3a1162a1d014d042a0df45771b9d7e3ed077653557dad221fe7e47b353
openshift4/ose-multus-networkpolicy-rhel8@sha256:d4d2646a43556d5aecf9c36d36cab9614d25c0f56c80044a990f65aa5188b37e
openshift4/ose-multus-route-override-cni-rhel8@sha256:706c535055be9e03d443cf6f5dde2052b1fa393771cd3862da5f2152eb4032a7
openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:798b7175c5ebd6a937b9aac7393277dad6dd7d389db26e30004f3c8417e217a4
openshift4/ose-must-gather@sha256:7beb5c18eca470c8723652365bafff09dde95784a82bc5572821d0013a7c5716
openshift4/ose-network-interface-bond-cni-rhel8@sha256:4692d8184169d1b9968d750e803063bda0b97fb5b062cfe3923f70c378ceef2d
openshift4/ose-network-metrics-daemon-rhel8@sha256:7f93b10f08f96df868e135b0a85e429ed08e16829f645e2097bfe29f41fe9ada
openshift4/ose-oauth-apiserver-rhel8@sha256:c5cdfda34492d9c6ae07f04df23a91449c5fe5954a180b34ff649539c71843fe
openshift4/ose-oauth-proxy@sha256:75e6219cfb4d76651d604007054f04411961cd6d00c84f3cf0f5881d3e149101
openshift4/ose-oauth-server-rhel8@sha256:482f53cfae2cd0a9b7f284e1e45bef195435fc5abb688a645baf8573787dcad5
openshift4/ose-olm-rukpak-rhel8@sha256:672d4157b3c91caef7c463695cb890435ff923318731e5a743260152625c7899
openshift4/ose-openshift-apiserver-rhel8@sha256:afb9eaaceb72814ffe1fdace8d4b05b2fe64ac764359361eef9630f344bc09e5
openshift4/ose-openshift-controller-manager-rhel8@sha256:db23c4a972f0611dc4cdf19e407748fb517d532044b1cf34e4467680ac6b3d9a
openshift4/ose-openshift-state-metrics-rhel8@sha256:4bde353311dd0fb8fc58aae6ae99867c53acbe3393f10b0d5f37314d498576b7
openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:8bfd3e60d2807cdfbe4fbc7fe77c5108512f8d4b8c891fe160dd40ee911178c9
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:7666da0966af8f52ff0f9a694847b35b5cd575beb91609bae7799024d2286a47
openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:f4dab670cefc1a910e4d637f498497142efa715364b05ba67c229d8a99c73a19
openshift4/ose-openstack-machine-controllers@sha256:b2e12028d0164a999373b5cd3ba63023e7158650b39352902b182cdf3c30613c
openshift4/ose-operator-lifecycle-manager@sha256:ecb5de5543db8b394eda31aa4d0b250335c051927d3b8afc5eb8ec35ccf25a2e
openshift4/ose-operator-marketplace@sha256:5730c3d8de6dd35a0f0fed554669926b3725e0a81d787271a40334045c963d81
openshift4/ose-operator-registry@sha256:0d0a059d3796abecf902562787a00c338df94138283ee8849598f27141f97606
openshift4/ose-ovirt-machine-controllers-rhel8@sha256:fe6e722e45450b6d903e77b852fc7a82c6ca750ec1bc519753a2fe227aab7b7f
openshift4/ose-ovn-kubernetes@sha256:8e492d338aa1a94cc324b4e507a77ee1ca0e27ffa61e2d2c2048accd101e774f
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:8405175800e5cbf5e29568115f3f31a0bf70ddfd8bcd207ff498b5cda9297208
openshift4/ose-pod@sha256:c6d93c1d3ea37b2c36f2281a5352b79eac5ae8e1a043baceedfff92dddbbe222
openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:611df18fff56242f81b4924f33f900ae99faed3e3e8c35b1998e3a948c29ed64
openshift4/ose-powervs-block-csi-driver-rhel8@sha256:01ca38fb0dd86303f04c0d1c428d2c8866f08ab86da4b588ec79fa0ad8809cb8
openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:c485377f7719c52d18612c1af07a363dbb9c6aa59d7f08cb7c32bcd5174b1c49
openshift4/ose-powervs-machine-controllers-rhel8@sha256:8b3c458d40e53f884726155baa84129e5027a3489d15fd20419e76add9c13936
openshift4/ose-prom-label-proxy@sha256:4e87472a70a7076ada4383dc921bb81d5f0dd86e5e33b3b296ea2602c0e3d5bf
openshift4/ose-prometheus@sha256:4b5e8b503712cebc76c7a2c5951b9c8bde14ef9ef83d4e895f4115ef42b363f9
openshift4/ose-prometheus-alertmanager@sha256:3583d385b4defb464e494f7c375868c2e80f64d2adc4c4074b6e9328c6f2d882
openshift4/ose-prometheus-config-reloader@sha256:157d742f5820134092aa7876fcd342625d25535411e515299414eabd095f924a
openshift4/ose-prometheus-node-exporter@sha256:84353ceb0d52be282cc4a2f1956d6e37cbfa6c5affbc1b11d51864775532dae5
openshift4/ose-prometheus-operator@sha256:d5874ce385e398e9db17ea044f758303f7ce6c0568e32c70611909b329e64511
openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:2ee24ea4d9d8b352e133c274d87b533798f9dba5f5fd5865d87bb576082a9786
openshift4/ose-sdn-rhel8@sha256:1d17c68c3a39e9fea01d5de5181b6faade54893e8f7db92629933eb9ddfca2ff
openshift4/ose-service-ca-operator@sha256:89a81e651a7295ecb97c1f2dca5992f7d31a23907311692c8eed58851850ea7a
openshift4/ose-telemeter@sha256:740183aba5e7a85c1d55b4186412cb39a1f4b152c775d0a728ce7e0e25389718
openshift4/ose-tests@sha256:adbca3be4a502bbb685757c3f82bacf754e0840bff4569d3e42eda0ffb070fab
openshift4/ose-thanos-rhel8@sha256:8f0d9b4e7b1f8de6ff888808c929492c86c07ec8283c0c98c6e5dd9909a40b4b
openshift4/ose-tools-rhel8@sha256:3c301c3dba5d1cdf248c6c5acd6b721f2c02dd7ce0b9e68d98b17be2b61936f0
openshift4/ovirt-csi-driver-rhel8@sha256:fc70663eb7d440a4f1d55a1f5b0f84d3d7a34b23e6da198b5bc47532d2bc5144
openshift4/ovirt-csi-driver-rhel7@sha256:fc70663eb7d440a4f1d55a1f5b0f84d3d7a34b23e6da198b5bc47532d2bc5144
openshift4/ovirt-csi-driver-rhel8-operator@sha256:12f37f8445e51c27a9c476d5d7d3a0fa518618a7286731ecad886ccdcc0331a2
s390x
openshift4/cloud-network-config-controller-rhel8@sha256:cc2efc3ec75a2b36b7e37a37ec224d674402c117eaff6656bd65b0179b5f8cb9
openshift4/driver-toolkit-rhel9@sha256:f28ea90f5ea10a591f83cec5cd55e520abd7e4171d284d584381c5dacf1692ae
openshift4/egress-router-cni-rhel8@sha256:a0eae4a05685c7e19af3565b486141a7b1f63f09b0bdccb71f6352808bb23f30
openshift4/kubevirt-csi-driver-rhel8@sha256:795fcf81145116cabb7169229e9d36d068bf36ff2f9531b0fd361099f1c545b8
openshift4/network-tools-rhel8@sha256:fb539eea87a15ab87a1edfb1a9cf8edfc3e32859be33c781d88b1421ece77b6b
openshift4/openshift-route-controller-manager-rhel8@sha256:8f55c0ac97172d70dee7032cda626fdf4af35ae3e79211db032906f29b7c5405
openshift4/ose-agent-installer-api-server-rhel8@sha256:dc4a8245993eee1cd928fbc4a45bf94a5b9147dbdd1af20e58040f86057d6f57
openshift4/ose-agent-installer-csr-approver-rhel8@sha256:5df34915ee26c123a8da8d31d583d1d81eda05af912d6ded33d24f8882843abe
openshift4/ose-agent-installer-node-agent-rhel8@sha256:0018244f7e11bc3414ddf2c59cbd89ffbab054b21b4f7e320a0f03b58efbc29f
openshift4/ose-agent-installer-orchestrator-rhel8@sha256:84fc518fe728e412914ac43cbc118f9bb23ce5ae4959eb434b094d686e60c524
openshift4/ose-apiserver-network-proxy-rhel8@sha256:55985d2b85029f718ae7b309cd8e418ee27bd3c0117c50ddcfecc9ab61961f74
openshift4/ose-baremetal-installer-rhel8@sha256:f751dc5547fba3ed748fd569da1b708395f539a100d8e6a78cc91e4fe53434b1
openshift4/ose-baremetal-machine-controllers@sha256:c9584a0b1bbceee435b7d6c552246c6b312c9109baac45ebc9b7417aaca776e3
openshift4/ose-baremetal-rhel8-operator@sha256:abc9aad73a72c1fd164f8a5e0b07652aa46409596ec9bbbf8aaf92591b0f41f7
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:774ff65980da0170494085ddbba85ea1dc58d540f62af4e43a84627ba9a8ab9a
openshift4/ose-cli@sha256:97d1dc801f9bce384bb1ed3be0dd74b9844dad6117d1da0c18cf89b345db0641
openshift4/ose-cli-artifacts@sha256:1da54b186b354dc8496aeb9fe5bada58b9ea592c8ae12b502ef1953c35d6effb
openshift4/ose-cloud-credential-operator@sha256:79b89b2c1869f5a66a96f4b7c0253b782fad7e72e8f099c06be17a322cca1a7d
openshift4/ose-cluster-api-rhel8@sha256:bd2c00f23c02f4594563e3c8140a375738fe7941114c02c81b55883238e5e590
openshift4/ose-cluster-authentication-operator@sha256:a7c8ea716f41f2c7cace8b0e7842f4ed3a18b6a697d18cfc73ac0bec78454ea1
openshift4/ose-cluster-autoscaler@sha256:947e2e6c3a1bd0a06465082da2fdcd8aeef2f3e3a7f099dc84af12e1ced1d533
openshift4/ose-cluster-autoscaler-operator@sha256:f9c510b5c481c3df6323bf9238998a52789a2dd46a563e632ea0ee6bdd05f394
openshift4/ose-cluster-baremetal-operator-rhel8@sha256:f7f75680e23e2570acc3f982b4d93635cc2e049fac9bbd54a03b6ebc0a27f8ed
openshift4/ose-cluster-bootstrap@sha256:52902a8e18f569653193064d0fc91eb704910ec583c61e3389b6f5621e550bea
openshift4/ose-cluster-capi-rhel8-operator@sha256:9494c33d9890a5745b0306776bc4135d14e6b78bc1b5dbb36f4b920734b74299
openshift4/ose-cluster-capi-operator-container-rhel8@sha256:9494c33d9890a5745b0306776bc4135d14e6b78bc1b5dbb36f4b920734b74299
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:de6f63f2b1e48ab56b36623577c4332c432ff3ddd42ed5c3d7ab8c312cbfc53c
openshift4/ose-cluster-config-operator@sha256:0702af76f0119b1eb004f0e87d2d4dafa1c56b2399cfbff92d91964fd01ee2b8
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:f2330a9b0019df16b01021514de38af0c50fa178ee377cbc631ed6f25bc6f2d0
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:b95eb61a917d8fa33fbf2eacf2f0f06dff13b32837a73c648eaeb24e1ab9ee58
openshift4/ose-cluster-dns-operator@sha256:8f278709b9054ba4af7cc00ce1ce87d969e5a90c81323daf3ee3ca0e14b9a77a
openshift4/ose-cluster-etcd-rhel8-operator@sha256:ba544f7a4a1feda3d6a62927f68fb91af94bc80c9a59839afd38f42984d80646
openshift4/ose-cluster-image-registry-operator@sha256:7632ae1ad6125733583d1945e561219ce8db7ebb2dfa3444140c8b8a31cbf499
openshift4/ose-cluster-ingress-operator@sha256:93a8d20677ac490fc3ce3af74a50ece0ea37a49386c4e3aae5e1bb7c70ba899f
openshift4/ose-cluster-kube-apiserver-operator@sha256:cc21b5000645cebcc6f57296e44aeba55115d4ca5c7675bfa9cf2998ed2f598d
openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:c8739e07c15682b6e25d5288f0549d5d8e3f29943c4709592697e62838f567d1
openshift4/ose-cluster-kube-controller-manager-operator@sha256:a94d1dfb00984998446065686bdc691faa00b2ac1f4c3fe591a74d6f5d9f4a58
openshift4/ose-cluster-kube-scheduler-operator@sha256:3c6cd7227e90bda61fc2aa4158d3ebb79d2845c8bb0159cb52ca6d977364eab4
openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:528547bcf14bcf5ac5ad4a1f7d5a9a6d415daa50ca48ba10578addb79c827d7e
openshift4/ose-cluster-machine-approver@sha256:d9f537292322daaa768c4f70edfd7481e0cca695602a394c6dc187205620cc50
openshift4/ose-cluster-monitoring-operator@sha256:1dcfc1b25cf1bf0de6cefc5b9bb5ccb1f3579251338c25d3bc4a4cf13aa1e75b
openshift4/ose-cluster-network-operator@sha256:f74d860030d2a73259b12a7b757bfefd170afdc35340a6046243f77e2427b4cc
openshift4/ose-cluster-node-tuning-operator@sha256:5fbae4840b1cf962ea2cf406ed5bb87a46a4340401334103adb0fa8840e85f2b
openshift4/ose-cluster-openshift-apiserver-operator@sha256:f9c36b8e7e0e63e80072bdbe96943d01be560f78718374269394df84fd43fd2f
openshift4/ose-cluster-openshift-controller-manager-operator@sha256:7deb75372a10735b7696cdce2213afc3fd950f5a3492b51647885130f0642c45
openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:bc5679c3701c97564fe83198b56ffaf55ea11db3abdc172a4ed042caf5729af0
openshift4/ose-cluster-policy-controller-rhel8@sha256:52c0a88b38b3c61d8d46f4dd6b2717f8272858f268e54c4040ae4d753b3e9867
openshift4/ose-cluster-samples-operator@sha256:f623dda72962b1c4c8dcd8322782c5b40bd3ea5963981228b4c33c17f05f5129
openshift4/ose-cluster-storage-operator@sha256:94e0ffa4bdbbe7ce81a2c54488f41cff34f71de9d6de65d024585595631fc2dd
openshift4/ose-cluster-update-keys@sha256:43363fa6c10b31001e8ff1bdd52e1b5ab35312f10a75c7b8c58fa6f3461f0650
openshift4/ose-cluster-version-operator@sha256:cab5cc048ccac24e7ffdf129eb979a2b1de5d81561e21f9ae74fbbd614912782
openshift4/ose-configmap-reloader@sha256:a3e2f000d4d941bdf1b7f98e459314621f66a4d2497d3b871da1594d2f7b2fd7
openshift4/ose-console@sha256:1511d9da789a6f6f88dcff41942c790a620ef8bd3b617db612ef0f83ad8a2674
openshift4/ose-console-operator@sha256:6e084918d54daa3b1765aa04468701edd3cbea723fc149c02d600ff90c2865c9
openshift4/ose-container-networking-plugins-rhel8@sha256:98633360a59fb963745b69d100500de0ca19c689c141633bad09b3b05b3d3c60
openshift4/ose-coredns@sha256:6c7c2dd59f524010ecdf35c6a5976a713598bf7da6f1dec71f1a02910976fe53
openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:008bceec0b7a4b0d185b15be93e048771cc911f52df5ade35ebe6e914c2a094e
openshift4/ose-csi-driver-shared-resource-rhel8@sha256:fbe979d09ca5dea96cf1ec29edc498ea427c91e620e3ee280d245fcc3a732367
openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:1908577a7198cd7f7ccb8434af33c86978a781f4830e823a1c52b4557171e754
openshift4/ose-csi-external-attacher-rhel8@sha256:5e2f30cae5133cf8f5153501d094a7277fb252aa9976d7232a025401a68b0d5a
openshift4/ose-csi-external-attacher@sha256:5e2f30cae5133cf8f5153501d094a7277fb252aa9976d7232a025401a68b0d5a
openshift4/ose-csi-snapshot-controller-rhel8@sha256:24d92641ac5802a5f315246c72fc22df020367f91191b3ddc2d5bd2333b1b4f6
openshift4/ose-csi-snapshot-controller@sha256:24d92641ac5802a5f315246c72fc22df020367f91191b3ddc2d5bd2333b1b4f6
openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:d623ac6bf4b0672afdaf7c276dc5393d79d8815780c2358df1f84954ef27ea6d
openshift4/ose-deployer@sha256:01d8a40366658b6d0349b01c0cddb99b48711bd21f133f1f3825c5e723d0b22f
openshift4/ose-docker-builder@sha256:edd489b5dcdd749d42bbce6d1b601fd23f9587ae634ae7e62933db231b09d844
openshift4/ose-docker-registry@sha256:dcb1b913a17ebaf2de225f317799bf52738bbcabbbbd5f067cdbf9adb1cc9022
openshift4/ose-etcd@sha256:f39fe6d7ccffdcae8276e6193289c4e9a88c7272ebcde62b06bd9b360533ee52
openshift4/ose-haproxy-router@sha256:63c000f22e43b7ac04c121955fb68b71ecdd394099c363ae8e9a1226df1bfe1e
openshift4/ose-hyperkube@sha256:63eb63312a9d82e6e4c50faa6a69e85b845fc8e1107b15108072a68c5a0b6ff6
openshift4/ose-hypershift-rhel8@sha256:37890b26d052bb20dec8f329b541231694077a358c544d243d2e10eeddcdbb00
openshift4/ose-ibm-cloud-controller-manager-rhel8@sha256:a2cb1850a30447f4244d3851a97e3a9e80b3cc18e38bddae174a623d2e9c0faa
openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:eb0581c1269e92f8cc5188dcdda98e7eb3b5cf3acbdb589aa42bacc0ceefd2d3
openshift4/ose-ibm-vpc-block-csi-driver-rhel8@sha256:24c6b6ca61897115f92d2ed57f13a3bff9023c9b69821087ca827c6957c20bb9
openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:e50d7604c3c38a44652bbec6e41e14884db59c12266f9cbf2f6a5e6db7710940
openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:7e804d1e6c281c3f4f367382750df59b939de0c59598f63d0e118f86c8f132cb
openshift4/ose-ibmcloud-machine-controllers-rhel8@sha256:ae4dfe8e901af886e35333c988d482e60ae3b1a25d3c26cbcb3f2569838ef421
openshift4/ose-insights-rhel8-operator@sha256:8ba7bb0100072f0c0f3ed14fdd60b693673bf7c89d06ba626872f53e958521b6
openshift4/ose-installer@sha256:8feea19213ac81c2a6d72c3d2c2d8d785fd1df8add3abb2206011c79b58c7069
openshift4/ose-installer-artifacts@sha256:ae56d642354d882e1478ca3596a46c94dffaaaf24032a213052c1ec11cc54fa7
openshift4/ose-k8s-prometheus-adapter@sha256:b49b1e550cbed4e6c684e1c4cced7113604e415b394bdc314e59d7e32950c7b4
openshift4/ose-keepalived-ipfailover@sha256:e792a9804c9b69641df620f3d20720c47d265bafa960c897ca51fc9a9f19a4e3
openshift4/ose-kube-proxy@sha256:b4c81891669d21a3575135e13ada5738d4fab40a8730b7ce9f564471ef517ad6
openshift4/ose-kube-state-metrics@sha256:f11b949d2b011f615be6799ca1c756d379dd2c1cc67aa6f5163440e91b75ee42
openshift4/ose-kube-storage-version-migrator-rhel8@sha256:e41ab3dde06e6c27369974058a6be00e1656ceac3c3d027e84debdd226dfd300
openshift4/ose-kubevirt-cloud-controller-manager-rhel8@sha256:266e5daa3bfa35d1bca524b31f75958645066b8bd506855d96e84574f48efc73
openshift4/ose-libvirt-machine-controllers@sha256:ce916ee45676b1700b4e548a1160fe3dfb73184e626c50e111805f27477aaec8
openshift4/ose-machine-api-operator@sha256:699a551529d14c9ccfa38883cbe3d4cf359a3cb9e89f0ff83f92184e31692f81
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:c8827192fd4077a604b9878723bf2e0d9e483ecbe32ee4aa75b8dc8c0d405820
openshift4/ose-machine-config-operator@sha256:1a79ae5b878b4a53c4d9b0a7a5c570e6a4ec6468c1aa7f2eac73912159171c36
openshift4/ose-multus-admission-controller@sha256:bd17ed16b1fcae33c64239b5c614317bb6c96abe5613f0fd4a43f3a968aa1feb
openshift4/ose-multus-cni@sha256:091e6ae2d8e70edd3abe475085e40c3a840402904080ae0c87e3c2f084f4c34e
openshift4/ose-multus-networkpolicy-rhel8@sha256:bb198c47ae3ed93f39554982fc25ec59a9d69e2e7cf1af6ee845df6ea15bcd2c
openshift4/ose-multus-route-override-cni-rhel8@sha256:5e58a114e1356a4af5f5ec771aea838717df6a5d6bc8452316b02542b035651b
openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:04bd618f89dd0653d0a37175f994c3d32dcc8d16271b585455659781b41f3fb4
openshift4/ose-must-gather@sha256:947ec5f254e4be47a8928a00cd437b36efff59073bb5fdd064273afc284b78f3
openshift4/ose-network-interface-bond-cni-rhel8@sha256:497d91fafbcd57004866ac2bb1e91d48d21d0a86821175698a418b25f7f6c352
openshift4/ose-network-metrics-daemon-rhel8@sha256:fb9e85b4926d9ce6a9ea05b79c6a06e2d6155f9e2be109992c3f7c6f9a262023
openshift4/ose-oauth-apiserver-rhel8@sha256:e84b2b7a8eb0c8cb1445750f2d61ea679eb58053e31fe534ee18a816091e8f1a
openshift4/ose-oauth-proxy@sha256:916ad5202b9f3591e16a765fab708ccef1336ad830ae79f3e3beeba86c76c20e
openshift4/ose-oauth-server-rhel8@sha256:bfa3370b932c9b3c53116aa6e5f37e8d9cbac47ba1614111bfc729870a8c4e39
openshift4/ose-olm-rukpak-rhel8@sha256:e7949cfe0c20ee234accc7fc9e57fbeedb29e1b55704bb8812069297c15205b9
openshift4/ose-openshift-apiserver-rhel8@sha256:62a65fd03c97ad761baf73fae3a829df6ead3583d722eab9c69c3ea5b618ba56
openshift4/ose-openshift-controller-manager-rhel8@sha256:0c999b1469607bf864128ec88ed37020b82c8182b5094467aa31ac62e8e77d12
openshift4/ose-openshift-state-metrics-rhel8@sha256:5ba0e7e18ac6d154925a1a01b4eca5cee67fc62cc7184b54e591ab06a6d18d75
openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:a4bfae32448a52e557db253e6981ddc8cba5baddb6797b3ff9dd7a33901041d4
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:9da1653909a1eb4cd6a52d79922d448dc73227b99dc26f98336aeba76189f6cd
openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:9c3c1bd228939f30886fe3e494568168751a8be66dcddfb4813fc15cf37121fd
openshift4/ose-openstack-machine-controllers@sha256:b835dc59ad2ef3d30ca5ec75b075121c6f6389db451687a1003402b86d7c1dbe
openshift4/ose-operator-lifecycle-manager@sha256:878a7e1df2130e959ae969a16e86cdb1f01d2c16c1b51168c389a2cb78dda1d6
openshift4/ose-operator-marketplace@sha256:0b87163e4721e8c5c3deab96abf7311e579285544cead42e8b687a32a2d5fa18
openshift4/ose-operator-registry@sha256:d90f69b7b3d9677a2df464001e0df042953d0a89a08693afeeda58bfefa16b27
openshift4/ose-ovirt-machine-controllers-rhel8@sha256:537996ff86925ff323025e21183ccc8261e7916756d78aed061ff1d122a03776
openshift4/ose-ovn-kubernetes@sha256:567265208d9617dc393ec9cac6ce4c33fe7edc7e6dd19d285353a96144b3bacc
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:4798c1bc8662bf5d09389f7eb00603584a2462d112d757f1a5fee26bd1bd7d37
openshift4/ose-pod@sha256:3bc63cccb635744010b569ffe241e8957f145a332e2d21222dcad1e075239b51
openshift4/ose-prom-label-proxy@sha256:52b0d7a867fcd012580161488fc51d2d5fc3b8881fa736eaf87e15eb57969503
openshift4/ose-prometheus@sha256:def97ac8756953c4838851205501ec49acfe28c1c9843301ac0dfac2fadd8eec
openshift4/ose-prometheus-alertmanager@sha256:aee83e794b660e84400f40961713b8b48bfac8523e782abbaa90e7679c74f839
openshift4/ose-prometheus-config-reloader@sha256:3d29d39e69866eb02b9801e11a63d2596f1694ce9112735db218a70aade544fb
openshift4/ose-prometheus-node-exporter@sha256:8fd984b6b29555edee7fd7a8b211186f1985306260e04d6df325d06060a426c1
openshift4/ose-prometheus-operator@sha256:1d7ff9bc113c1cf74b05b2aabeb89230654a018718329844b51dd178aaadab0b
openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:f6e83285cb52e6edc5d3eb3acecb20c690601f6483db4bd4215d961f352580a4
openshift4/ose-sdn-rhel8@sha256:b5be5a13d99b5a1a4bf221bda6ace84cf3a3bb7c14611f25c8c1900e858b5508
openshift4/ose-service-ca-operator@sha256:2bc578c0dc3e8b38c4a17aa928fc1384bb59647520103b59fa7a482459bd025e
openshift4/ose-telemeter@sha256:9d567583a344e4fd1ce9cc7d1d17c0967dedb2d0e3dd794b1b8a1ccca773c60e
openshift4/ose-tests@sha256:eaef0568331ebff6edd323c83329ed15c0379b368d97bbe3809468eb57b266f7
openshift4/ose-thanos-rhel8@sha256:d28afbbe89d5ccb4789188d3a42fcffc9d00b6293c80d2072fa8db41a7183568
openshift4/ose-tools-rhel8@sha256:ad72120b871f25af818281f4541694b4aebc5ce437edca9a9e8b29a6c7078400
openshift4/ovirt-csi-driver-rhel8@sha256:98b0fc50c3cb46529c19af77352a9fa3dd00763eedaa7621ea1df91821f84482
openshift4/ovirt-csi-driver-rhel7@sha256:98b0fc50c3cb46529c19af77352a9fa3dd00763eedaa7621ea1df91821f84482
openshift4/ovirt-csi-driver-rhel8-operator@sha256:a5a054b68ce53fb3ce8a2e0f21772de6a380fdfb86f3de0e791d26a85eb06b3e
x86_64
openshift4/cloud-network-config-controller-rhel8@sha256:46d268ff30d7e1d7c7288a6fda90d7177949d1be35a88c7b410daf40b34acb87
openshift4/driver-toolkit-rhel9@sha256:287a8cd5b789d73e8621c858499f65732099c55aea22cc4f2e9fc4f8f06d667e
openshift4/egress-router-cni-rhel8@sha256:8e525dbee2977254346f74c3c2e748e33b78743c609ca82bd517499380c87df1
openshift4/kubevirt-csi-driver-rhel8@sha256:236c4aef340426cc3c0ec9196902c03033bd25d5426d16cc49f17973e02ba487
openshift4/network-tools-rhel8@sha256:ba503a2b617242a720ffc86e95f5631bf6b084e20ec016162f46e6d41093e9c0
openshift4/oc-mirror-plugin-rhel8@sha256:6389a4c878a823106ddba960f49ff74350283a21e307247ecce6dba0856a9b84
openshift4/openshift-route-controller-manager-rhel8@sha256:b5529f169f3a9212f26f5be5312b018c06d378cec3ccf663137cc78b09ae0c7c
openshift4/ose-agent-installer-api-server-rhel8@sha256:1d73cf64abffab71dc2e995c22158fcffdd2484131290cbc3fd520c4037d3929
openshift4/ose-agent-installer-csr-approver-rhel8@sha256:ce3e2e4aac617077ac98b82d9849659595d85cd31f17b3213da37bc5802b78e1
openshift4/ose-agent-installer-node-agent-rhel8@sha256:70397ac41dffaa5f3333c00ac0c431eff7debad9177457a038b6e8c77dc4501a
openshift4/ose-agent-installer-orchestrator-rhel8@sha256:3a8b33263729ab42c0ff29b9d5e8b767b7b1a9b31240c592fa8d173463fb04d1
openshift4/ose-alibaba-cloud-controller-manager-rhel8@sha256:1dac5e9e31c011322d414a74f1aeb1ab2b4d766679b2ea7df359fa3456a7b83d
openshift4/ose-alibaba-cloud-csi-driver-container-rhel8@sha256:c9836bc7472215104f20ba7f0656ad69061681cc626165cee18470645c880d33
openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8@sha256:ee080b37108cc5bee6b0e0d1e55148f4aa67e3d236d53fb7d9aee4a83d187603
openshift4/ose-alibaba-machine-controllers-rhel8@sha256:29ef5c21337a918bb51939045206386790d22dec33cc705f668bdd0c7c9d5b51
openshift4/ose-apiserver-network-proxy-rhel8@sha256:fb053635a98389b3576ad55ad67d50b7b7de5a66b9811c04a71f5d7f7a40b1ad
openshift4/ose-aws-cloud-controller-manager-rhel8@sha256:b0b2e89f5b24aa9186533f964a2a1573e289e7ca6ecd63ffb0064cd834f4d3a7
openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:12e6dd95aaa4a8404ce209c83d69584219c54c518a5e04866f551c3913ebf6a4
openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:fd7352b97f55b83c0fa2303af43c70f9c2243d5dd6a35b3af775485597a59584
openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:637d449dd5dd69825ce7933cb1bc9e1945c45b0f588dc05dd5b1638fd95f3d14
openshift4/ose-aws-pod-identity-webhook-rhel8@sha256:226b916fbcd16fad546c317d5fa6e95273dceb67aa561ed2ee740fd2dea130c8
openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:d3665922bbdf7f202f3cc232e0e79fd4665946dd43ad00cd15ce6b0d6fb8ae93
openshift4/ose-azure-cloud-node-manager-rhel8@sha256:c0383f1a1ce5c30ea64d8ddbf2e2cbe3698cf83d9bfe18192a20b72f926b62b0
openshift4/ose-azure-cluster-api-controllers-rhel8@sha256:4c07fe06ef0b78f5977e890eda409d813f9360b9d9cb5653eae1444255721576
openshift4/ose-azure-disk-csi-driver-rhel8@sha256:ce24005a54415772954a23446fde23eda89dbfe872d9acd67cc211980dde8891
openshift4/ose-azure-disk-csi-driver-rhel8-operator@sha256:0eb2302cb1ea94356a1241c2352c21e9d8b5bf4982c73b3bfc7c035897ce2ee8
openshift4/ose-azure-file-csi-driver-operator-rhel8@sha256:f1b200c057a85e05a740bf368e0650227f7dbc29493d0b333655efc3594ef337
openshift4/ose-azure-file-csi-driver-rhel8@sha256:19164d32a4e06c736c200e7f23014fc390c89cbf2c0a0bf77dd2fd599e46fa25
openshift4/ose-baremetal-installer-rhel8@sha256:6dbd58cd9b59ea0c42a8c1b2185f8fdfd7fe64a3c0481a7153d5b600492a46c7
openshift4/ose-baremetal-machine-controllers@sha256:45317ab0435f18f5ed5aa3f52dadf6f7de803356a13c2db57c9fce2151ace70f
openshift4/ose-baremetal-rhel8-operator@sha256:13b7072d32511f4152e0368bfe3a91aca43f2414577f603a6403430a66e62a50
openshift4/ose-baremetal-runtimecfg-rhel8@sha256:ce9d408356abfc5fbb5b5bcb69a4eb8d49c47588747935a94ec8c31dfabe8eac
openshift4/ose-cli@sha256:800f0bb464dc9d622c3a670e503bee267670395c9bea0fb6247737b6f826ba7d
openshift4/ose-cli-artifacts@sha256:a196f1f9519404e034eb33f02667cccaede047edfaebc8e0081b07be73ce5f8d
openshift4/ose-cloud-credential-operator@sha256:bcb76631bf77fe40297b07cc5e8f27753535e756fe6222a66697559cabdbfea2
openshift4/ose-cluster-api-rhel8@sha256:2b108f069cb4fa66e8a519580c5fc1eff41e6d6155aab891a3bc720ad9d50460
openshift4/ose-cluster-authentication-operator@sha256:d7827adc8d2fb98b1d8a320e777ddb324e860faab56ca8b7c8525ff8a2fc74b8
openshift4/ose-cluster-autoscaler@sha256:a4322f8d5d9ab4667800ae6766982ec807577b41c9edaa16ba3c576f7f0bcdbe
openshift4/ose-cluster-autoscaler-operator@sha256:045d3d00d64faa694fa3820833172fde67b02f823ecf52abcd5d5baa83bbf9c0
openshift4/ose-cluster-baremetal-operator-rhel8@sha256:9347e35d5e0b5a6f6f414063ac8760e762ca989e6e6cb5aa85201d7f8f9df6b7
openshift4/ose-cluster-bootstrap@sha256:3fd821ae96c52f47a9943731b6c48edf659eee57f6e4b810ef43a9ee6211ecf9
openshift4/ose-cluster-capi-rhel8-operator@sha256:439575a2d997966b99abab0c40a0257e4d6f6c058631097cac0b262c826c36b0
openshift4/ose-cluster-capi-operator-container-rhel8@sha256:439575a2d997966b99abab0c40a0257e4d6f6c058631097cac0b262c826c36b0
openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:83cf060cea7c473ebfc46721236d52e6b3ece61b4bc9df77161073c412d68107
openshift4/ose-cluster-config-operator@sha256:7e2413358e4085dfda462a796085419a45877f7cb37ef090ddbcc8da8e4b7802
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8@sha256:a77f437a1d7b33fd714e57fbdeb586d3ffd3571452832c00a54f8090fe342270
openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:1117bd64e978239a116107e067fedabbf05f1e38e9e92a0560011e85826237e6
openshift4/ose-cluster-dns-operator@sha256:2d89aeeb8ae5b0476cd406ca638067868e48bfbb6ca941f435e54ceedc903c08
openshift4/ose-cluster-etcd-rhel8-operator@sha256:abd2472f473d40082cb07697d04735bedbff7b93bebb55cdc60fd7d1a2c010b2
openshift4/ose-cluster-image-registry-operator@sha256:bc1452a757b1f7bf2ce95e643aba679f760a4dc975ebc22f7b4e134c711dac04
openshift4/ose-cluster-ingress-operator@sha256:9ff44618f8fab99e6ad3daa1b83481a74473507effbb2f80b41c6ac474ad0995
openshift4/ose-cluster-kube-apiserver-operator@sha256:634f1df3cf9a5ab9eff71d365e7a9b5500e3c06b8e09b60295841344b11a79bf
openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:baa743f19373bd03e30cbd2cb6d2a6c445bd375f41fdcd7a638b5d612fd1790f
openshift4/ose-cluster-kube-controller-manager-operator@sha256:7a67446a5ef8f44dd2f9d84582f5eb8cf47afc2242e3faf9cc33c01d83a6ed81
openshift4/ose-cluster-kube-scheduler-operator@sha256:5e72c0d6db317dc7f479afba021bc643c750ab55188cf2faca4497dd2366635e
openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:6cd2f69492cc082cdbac4fed6bd62b434ededa4d9e53c1758829051fd946bb24
openshift4/ose-cluster-machine-approver@sha256:9f1f1668b8eaa4b6932953287af07f8e122822a0747cef1ec57cbf1c79f01f68
openshift4/ose-cluster-monitoring-operator@sha256:e244465a0a7cc8d0142ba116344633825ade906735cc63c413fdb86c9755fa2e
openshift4/ose-cluster-network-operator@sha256:cfed43e6e7b801be9344c604baf378bfd3bba1f55b540d394d7fa9d030225d5c
openshift4/ose-cluster-node-tuning-operator@sha256:82f1148c1d1f56f822116a2df82f910a01de7a02a6296dd544fd447ec4a8da1d
openshift4/ose-cluster-openshift-apiserver-operator@sha256:0e4653a8f77aa893fe69bacb94d1f83e76756d51e75000d25c7e946dbdc1a533
openshift4/ose-cluster-openshift-controller-manager-operator@sha256:19b70c86820628460dbcf5d1a9d41354595ba8beaf631055b6462b85e1ba8fa6
openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:bcf404154b33dedefa9d812e70e537dafb37d0dd901ef3fe66c479538d8ded35
openshift4/ose-cluster-policy-controller-rhel8@sha256:a7bc1ab260e6837e51cfcc19f1926c0d86e7cab336ff31f8f73c58a71d8d226a
openshift4/ose-cluster-samples-operator@sha256:e288ed532ea02cbec1ede954edfd781510c2c721794c0ff6c8b4163256279991
openshift4/ose-cluster-storage-operator@sha256:68a5f9f26c2cbba06965c9a5fd41a0d9608f4b1f58dfb58ad9cc12ece1822b22
openshift4/ose-cluster-update-keys@sha256:8a7dbaa67ea1d580cd198ddbf333dd9204e9e66f14d605eff0fc49f1394afe48
openshift4/ose-cluster-version-operator@sha256:56ada246485be6a00670be8fb5d10a91bdfc73ced51abbc47761f0398da42cea
openshift4/ose-configmap-reloader@sha256:6c69f74652c32d0e4902504124ac455cccfb31970a6c4c9fba8893b741a021da
openshift4/ose-console@sha256:7e0c46b60985692f81d0ee6bd86059f093016a89e08e6bdc6b4552a095e8a0dd
openshift4/ose-console-operator@sha256:cc82353227327048137b28145289ed3c48d24d4be43626268c45924ad4779376
openshift4/ose-container-networking-plugins-rhel8@sha256:033f0e8d36d26478205e0c17ddf39e93e4a93371f17449a9d3edb5d2e273b7e8
openshift4/ose-coredns@sha256:ef20b93c7bad79e4fa20cecaf85af5a897342aefd133b5d2c693d74a4813df2c
openshift4/ose-csi-driver-manila-rhel8@sha256:ef3560ad1634a68a977c2ab35c8d04e4dc6938aa1f1abe223bcef8689e4f65de
openshift4/ose-csi-driver-manila-rhel8-operator@sha256:b351496a0c51eadf0d0bf7dcc80cfa5bb958288a89eb74fff155a14961eef8d0
openshift4/ose-csi-driver-nfs-rhel8@sha256:6727b5167b609a80813a6ff31ac80ef0baeee259400d954947c29057653ca6e8
openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:25af2389ed347e089550b0cdce252a2af4e23c5f82c945ffb4677c3bd5f4858d
openshift4/ose-csi-driver-shared-resource-rhel8@sha256:8b616e5c360030d3c8b0a5360ccca328057f3a7b724bda408ed64952a3330001
openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:97bb357efdf32511029405ad45434314bdc8a8869c49b3263ecd61bf694c08d4
openshift4/ose-csi-external-attacher-rhel8@sha256:e712b4f4238c4fc19d056f177608f9a28ab461afb5ec3fad9383dce6527480cc
openshift4/ose-csi-external-attacher@sha256:e712b4f4238c4fc19d056f177608f9a28ab461afb5ec3fad9383dce6527480cc
openshift4/ose-csi-snapshot-controller-rhel8@sha256:9af32613574694804b511fc937e91eb80206a47cf404bb08399d392cbde06e63
openshift4/ose-csi-snapshot-controller@sha256:9af32613574694804b511fc937e91eb80206a47cf404bb08399d392cbde06e63
openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:f7d07c8b96013df7cb6eb75269aedd2e463e298ac53c8ba634eecdd1ba289140
openshift4/ose-deployer@sha256:3f2fefc5cb327f4a534095a53529cc4a1ec70609232101a2f5baa59e58c60d02
openshift4/ose-docker-builder@sha256:d0e187f18140318a33185cbd44654d15a0478d59d83e8fd39a406c597bd398ed
openshift4/ose-docker-registry@sha256:caba99889e6552461a00b19fd0bddffc2c47788c4db60ec8ce7cc4e716cb0270
openshift4/ose-etcd@sha256:cf6d1bd2361806194ed27dcae9da890e59977a8629144a4b2f4dbd497c7f80c9
openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:678caa5ddd0d974734fcba251a2b0c572105613c4a96e1375e541732486d79c1
openshift4/ose-gcp-cluster-api-controllers-rhel8@sha256:291df1cfc785547023c9d25563b161a3e2d0a98788350af394b51995056a2d42
openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:4df2967d804501df5890cde4482c22275aeee85d595e2edf8fe8921133c37bad
openshift4/ose-gcp-pd-csi-driver-rhel8@sha256:39958f57ba82b3912dde1ac8e699ca9b1411d344b346df615be765b64579d685
openshift4/ose-haproxy-router@sha256:5460207dedbfc16cc26527f5fc7ccc8143242b1d4ca329476441cce3672a992b
openshift4/ose-hyperkube@sha256:eba9f481061100221f52a51989a689c038b3292a58b21b8b21f8c3d89a802541
openshift4/ose-hypershift-rhel8@sha256:6225efb8b6483e26b2dd45c0fd739b91a6600f9fd81048351ffde2155ca2030d
openshift4/ose-ibm-cloud-controller-manager-rhel8@sha256:4cd3d2a5a408fe17b861577f733abea4743f96cfd0e8cd1f949dc8921014f394
openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:755f14826c560c2225ef8df92a51259e823908d5f972c625fecba59a7a80e993
openshift4/ose-ibm-vpc-block-csi-driver-rhel8@sha256:427adad5df46bbcd86a95a3ddb60601556fdc042435a7e9035c58687cf8a01e1
openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:f3bbc7a0774f122f8d2f14f165bda949c76598253eefbde035da8747cb919bcb
openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:b3022b9431acc8cb3a871207a0069cb085f5228eef1bf6b23921035a71a3efc3
openshift4/ose-ibmcloud-machine-controllers-rhel8@sha256:1709c684f40391c58636aeda2e560121fa663a1ffc17e3477ed63a0f1703db9a
openshift4/ose-image-customization-controller-rhel8@sha256:36038c478e99e13434fcd4251747f9b9b03c27da94aca02fe0cd7370212fa7f1
openshift4/ose-insights-rhel8-operator@sha256:b7af75afd62849130510e7584e9cc94e3484f398f448f731df231ed287ccb77c
openshift4/ose-installer@sha256:81be8aec46465412abbef5f1ec252ee4a17b043e82d31feac13d25a8a215a2c9
openshift4/ose-installer-artifacts@sha256:504e2c2597ed1f52928b5881d12cebcd7bf813b0becc88984b8200b7db6a95e5
openshift4/ose-ironic-agent-rhel9@sha256:528df4775ea0aa8bab2c882764e15457adc31dd81f105de23fb08e2780b9ca83
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:977780498046d54b1d094d27afdbb995c395a88a09be2fc083ec1f0e859a12b7
openshift4/ose-ironic-rhel9@sha256:f29a4f8c3d4ef21ee4859b9d96ba54605bbac445fe22c3db2cd28a047e5d0495
openshift4/ose-ironic-static-ip-manager-rhel9@sha256:4dc0c2d306eeb09bd00b95f6327c9726654f1fcdfc6d45d34bede47455c20162
openshift4/ose-k8s-prometheus-adapter@sha256:79aaf6f57e73443385cd243a8ab917e9f3cf8818884a7989dd4932f9db92a9bb
openshift4/ose-keepalived-ipfailover@sha256:d861a7181f7bab0e8358be9394e239e1826b01e5624f41477a64435078e68eab
openshift4/ose-kube-proxy@sha256:a1e24b9639629ba3f712ccbafb010a8d8347a27783ff3b6e9843ba9082adc877
openshift4/ose-kube-state-metrics@sha256:4cd2d0227119b5a8dc5a32912d3f19af7dbc8cdb8d93423259203d5e9f271859
openshift4/ose-kube-storage-version-migrator-rhel8@sha256:e00b1b1feef05d652931e1017cfd418153872e32673d7db949c76fe691a10e52
openshift4/ose-kubevirt-cloud-controller-manager-rhel8@sha256:a60de7051861ca94194e61726e05695b703ccbe7d2774de6f8825ed6cb1f7ab8
openshift4/ose-kuryr-cni-rhel8@sha256:7fe2bfaedfeb9463a21101dfcd438c76a83a37031bd44b7591f08899b28c55ea
openshift4/ose-kuryr-controller-rhel8@sha256:7503fadf4c2ede04d2286b5fa40c48acd81c1c0a65ffd40be0b0b595783dbfb5
openshift4/ose-libvirt-machine-controllers@sha256:dbfdc8df679a27fe4eae30f9b0a1624d81a93f68527d14c643d08ccaf8bd58bc
openshift4/ose-machine-api-operator@sha256:d08f10e0bc24bd03fa3a6fa2c7c9c1ae188a46006fc084cfe8be4da431548715
openshift4/ose-machine-api-provider-aws-rhel8@sha256:7b038bd99d128c5c43aede52fa0bd582e9e7357a17aef0bfc6782b5b28c7f92c
openshift4/ose-machine-api-provider-azure-rhel8@sha256:45d6bc650f5294388b6ccc7bcd0402aa700223c212a0a09763bf5207f3ff894b
openshift4/ose-machine-api-provider-gcp-rhel8@sha256:c8b426989bf71c5fc24f05cc4cf1e5703d045fba6f7e0ea474ca0ca23d1026f2
openshift4/ose-machine-api-provider-openstack-rhel8@sha256:4004eaba967a5f11328f93b26a6c8c2b4c76e79b45397c1c3721d8e6a18ff8d3
openshift4/ose-machine-config-operator@sha256:3cf8f4ac5468699993033e869af9aad020f5545361da34ca8f18937755be265a
openshift4/ose-machine-os-images-rhel8@sha256:0579e228f53d341834837cbcfce3d3b3f4bc3464648d774d453cd2e9a74fde38
openshift4/ose-multus-admission-controller@sha256:57a129a7b89dd6161dd2e2a4734b4df7201250f4ae31ac8abc7b9ea7ffd3a65e
openshift4/ose-multus-cni@sha256:d2ad17d2154760a8b4b1c2d01bab050ee6400fa2887c31454e2e74db0dfb4cf5
openshift4/ose-multus-networkpolicy-rhel8@sha256:aa61bde10123d67e2d578f4182a207c82d51125ccfc9684fe0d5a156c5547c5d
openshift4/ose-multus-route-override-cni-rhel8@sha256:1c94192d0454066203a9539f918578ced1d04e13802070bab7f33c46c96d6b6a
openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:84e5a7f8a7e8fb6be746b0e4488a9c3849b9364bafb0cfb7bc89db5877ed5f20
openshift4/ose-must-gather@sha256:e9601b492cbb375f0a05310efa6025691f8bba6a97667976cd4baf4adf0f244c
openshift4/ose-network-interface-bond-cni-rhel8@sha256:df5cba39c28e87464012332eb921ef50a7f4e34cd5d4f26de04fc13acc7b659a
openshift4/ose-network-metrics-daemon-rhel8@sha256:8a4e025c3fe4676da63b814aa745b6013f7bb7959f1a69ab6eaab65938a3cd45
openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:eefac71da740b0e13929817429f05a474a071cda8e4240746a1b2d016d03e220
openshift4/ose-nutanix-machine-controllers-rhel8@sha256:46534250b2381fb5b4cb779f55747696635f4faef9e0166dfc9555c9aa0022bd
openshift4/ose-oauth-apiserver-rhel8@sha256:8d5e0f2df19f0736ea90af599e0f009f46ca4c302e30e137702efbdc584d5070
openshift4/ose-oauth-proxy@sha256:df80d3297a5530801baf25e2b4e2e265fe094c43fe1fa959f83e380b56a3f0c3
openshift4/ose-oauth-server-rhel8@sha256:782bf93ae9f12b0acad519703cf84839f6c1ad3d260607ff379d43f714b7613b
openshift4/ose-olm-rukpak-rhel8@sha256:3f0006406d0edf9e5c84e3c9c27fdae14ac6d5a1ddba69cb083dd0470e3eec37
openshift4/ose-openshift-apiserver-rhel8@sha256:ef9f729c0a5759a573009d0009cfe878fe4415b7bf6311aeda1cf3478df8d517
openshift4/ose-openshift-controller-manager-rhel8@sha256:7f903fbf4910411b8bdf07269fc4f9c3ff650b352a7466bb481a85ce06884292
openshift4/ose-openshift-state-metrics-rhel8@sha256:4a559d00bdab5082a97a0d10f6178cb9fe82906fc7e44f743316d73f42b0efdc
openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:bc3553161158f16f213bce7a86fe21861a2b0cc7792954ceaf548e833b1be49f
openshift4/ose-openstack-cinder-csi-driver-rhel8-operator@sha256:3f9e41b88e53436ca422f8c3a1e9dfa80abfa105de41dcfdab94538ddeb1e68e
openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:26f521dfbf0cda42b10ed855868855fce9d5d440b1095eeb9154f2bb47ef5a68
openshift4/ose-openstack-machine-controllers@sha256:44efe74e355376ab9a17d6590ea59ecf43d5c49b09b5ef637362f1c5840ad7d6
openshift4/ose-operator-lifecycle-manager@sha256:4e24f95c6619946398f163a84dcdf9030e8cfd60a303252da0403d590c587209
openshift4/ose-operator-marketplace@sha256:b69a586f231d9af7939ceff4039a73c6eca8f957fd0c0b9ba582c8c27a6fdde5
openshift4/ose-operator-registry@sha256:e9cc7c2d2874bd420672e5a2dd9e98ab7ecacb6381eac5ce0859591184b7dea2
openshift4/ose-ovirt-machine-controllers-rhel8@sha256:70dc442cdcdf6402f006627e5121ea4005af39f6999a5b6d4135c255a3ba99b4
openshift4/ose-ovn-kubernetes@sha256:397285300c9886e779e553af5582fa9fdf9fb5bf4d99374e04721a5d5b25579e
openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:97ec81c50bd37f14e4485897c9848d4e10ded76d2a6a0a8c3ab8889845013274
openshift4/ose-pod@sha256:09d4bee015dd9cdd168968be3fd91106af558e82cb8975191fb905d9f8825418
openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:068fea5317e13019edc2f5f66b7d0a92a1eabca830861720d24ffa0b92bb066c
openshift4/ose-powervs-block-csi-driver-rhel8@sha256:6c610bf7abd1ac94df01f244a9338ac3947179ed25079e1a6ac42fd9ea93817f
openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:7f7d7fefd3e4a7362ef03d70bf7e018e737dcda8de0833db8d5a6d3c2923aeee
openshift4/ose-powervs-machine-controllers-rhel8@sha256:f9693300e1ba5f7a4a2ac9013369e0fee98baaf758e6d06cf6993cc7eec83294
openshift4/ose-prom-label-proxy@sha256:f1d9759ab93e086b148e76a6bc3475fc6d87ab73fd8be9f07b928a90659a8f68
openshift4/ose-prometheus@sha256:064300d031bcc2423e2dc5eb32c9606c869942aa41f239b9c561c0b038d3d8f0
openshift4/ose-prometheus-alertmanager@sha256:b119148ba30e674ddd378b39d6b304f94b4e1f5f35e3dcc7ed1273e076f9ef69
openshift4/ose-prometheus-config-reloader@sha256:55fdb6cdbcb7c25d8206eba68ef8676fc86949ad6965ce5f9bc1afe18e0c6918
openshift4/ose-prometheus-node-exporter@sha256:fdc7760152bd9740cbc081b633ecb3949d1152113903ba3d190a99bc1a2d9b46
openshift4/ose-prometheus-operator@sha256:94862f76c31d5593d5b19e59715823d9a35baa46f4c271c94b1935b6c2b28240
openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:484dfef080ceb89c79bfa89097ed0d676ec2a007641b26c76ace17b0e702fa0b
openshift4/ose-sdn-rhel8@sha256:cace814609200a8c6a91823c71a32b54f7a8b6ed2620cb9164e58504785bfb25
openshift4/ose-service-ca-operator@sha256:6ba8c66a65d8a7d32c7d6aec772d0cc88f65bf54b16664cfedf8e068c00689a4
openshift4/ose-telemeter@sha256:441070608f5c32d3ea39d1f71180ca5e0661010271d1d62bcbde43eca3cf4a9a
openshift4/ose-tests@sha256:00320f2ef66345e518d268ed70efabaabafea33b48474a49e57f227c8f1f6806
openshift4/ose-thanos-rhel8@sha256:ac3558b2758c283c355f30b1255793f1363b86c199569de55a6e599a39135b1f
openshift4/ose-tools-rhel8@sha256:0f80a0d7d75ab020f8769370865d14dcb8975f928500d67d00252227e436a9ce
openshift4/ose-vsphere-csi-driver-operator-rhel8@sha256:31e97be1745e7bef9cd949bf6ebe5a1e76032a4a28c746ef15f8c93c76e1a378
openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8@sha256:31e97be1745e7bef9cd949bf6ebe5a1e76032a4a28c746ef15f8c93c76e1a378
openshift4/ose-vsphere-csi-driver-rhel8@sha256:0fb4106dea911de7f4fbe2215f763d6c83b3c414067af1f1139017c2ed2e8530
openshift4/ose-vmware-vsphere-csi-driver-rhel8@sha256:0fb4106dea911de7f4fbe2215f763d6c83b3c414067af1f1139017c2ed2e8530
openshift4/ose-vsphere-cloud-controller-manager-rhel8@sha256:ea281939e811b4be357b5a300aaa439e3e2e3d24b2451d00031fd8a047daf89e
openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:451797fec3ff29e4655fbea5da8cfc9a6cf82dfd67482cb832561e52f23d1287
openshift4/ose-vsphere-csi-driver-syncer-rhel8@sha256:9fd1196117528fe2226542484c902ca43d4d12fab37fab1d82711285ceba08e9
openshift4/ose-vsphere-problem-detector-rhel8@sha256:acca5e030186dbc1383e05db41091daffce400be2c44cd724eb0f235c22a8432
openshift4/ovirt-csi-driver-rhel8@sha256:ed571d54132acb39dbd1e0a6ea81dd544838091c32afac65adf485d30fda9779
openshift4/ovirt-csi-driver-rhel7@sha256:ed571d54132acb39dbd1e0a6ea81dd544838091c32afac65adf485d30fda9779
openshift4/ovirt-csi-driver-rhel8-operator@sha256:13e6259467124c447b6a1fc3b532ecdfd0488b4986d9ce2217a4f35fcd6cbc90
Related news
Ubuntu Security Notice 7135-1 - Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions.
Gentoo Linux Security Advisory 202408-25 - Multiple vulnerabilities have been discovered in runc, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.1.12 are affected.
Gentoo Linux Security Advisory 202407-12 - Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.9.4 are affected.
Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.
Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.
Gentoo Linux Security Advisory 202401-15 - A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass. Versions greater than or equal to 0.24.1 are affected.
Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2023-7341-01 - An update is now available for Red Hat Quay 3.
Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.
Red Hat Security Advisory 2023-6143-01 - An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.14.
Red Hat Security Advisory 2023-5964-01 - An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5935-01 - An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-5442-01 - Red Hat Advanced Cluster Management for Kubernetes 2.8.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-5421-01 - Multicluster Engine for Kubernetes 2.3.2 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Red Hat Advanced Cluster Management for Kubernetes 2.8.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be att...
Multicluster Engine for Kubernetes 2.3.2 General Availability release images, which contain security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41721: A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead read the body of the HTTP request, which could be attacker-manipulate...
Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0.
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0.
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...
Red Hat Security Advisory 2023-5001-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.49. Issues addressed include a bypass vulnerability.
Red Hat OpenShift Container Platform release 4.11.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
Red Hat Security Advisory 2023-4730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.10.
Red Hat OpenShift Container Platform release 4.13.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to u...
Red Hat Security Advisory 2023-4671-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.30.
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...
Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.
Migration Toolkit for Applications 6.2.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...
Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.
Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.
Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1260: An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "po...
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509...
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. * CVE...
Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3612-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat OpenShift Service Mesh 2.2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents. * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtai...
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.
Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.
Red Hat Security Advisory 2023-3445-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include a denial of service vulnerability.
OpenShift Serverless version 1.29.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker ...
An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-28235: A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause e...
Red Hat Security Advisory 2023-3304-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.1. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2023-3305-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.
OpenShift Serverless 1.29.0 has been released. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of serv...
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-17419: The Miek Gieben DNS library is vulnerable to a denial of service caused by a segmentation violation in setTA in scan_rr.go. By persuading a victim to open a specially-crafted file, a ...
Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Red Hat Security Advisory 2023-3325-01 - Multicluster Engine for Kubernetes 2.1.7 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Multicluster Engine for Kubernetes 2.1.7 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a ho...
Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32313: A flaw was found in the vm2. After making a vm, the inspect method is read-write for console.log, which allows an attacker to edit options for console.log. This issue impacts the integrity by changing the log subsystem. * CVE-2023-32314: A flaw was found in the vm2 sandbox. When a host ...
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.
Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query ...
Ubuntu Security Notice 6088-1 - It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux.
Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.
Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now availableThis content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption...
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2990: An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has d...
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.
Red Hat Security Advisory 2023-2802-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and information leakage vulnerabilities.
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a den...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a den...
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding mo...
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding mo...
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding mo...
Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-2029-01 - The OpenShift Security Profiles Operator v0.7.0 is now available. Issues addressed include a denial of service vulnerability.
Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very...
An updated Security Profiles Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0475: A flaw was found in the HashiCorp go-getter package. Affected versions of the HashiCorp go-getter package are vulnerable to a denial of service via a malicious compressed archive. * CVE-2023-25173: A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information o...
Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.
Red Hat OpenShift Container Platform release 4.12.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46146: A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is ...
Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption. * CVE-2022-41717: A flaw was found in the net/http library of the golang package. Thi...
An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....
An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38578: A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability....
Red Hat Security Advisory 2023-2137-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan r...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.
Gentoo Linux Security Advisory 202305-16 - Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected.
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.
Red Hat Security Advisory 2023-2041-01 - Migration Toolkit for Applications 6.1.0 Images. Issues addressed include denial of service, privilege escalation, server-side request forgery, and traversal vulnerabilities.
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
### Impact Ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. ### Patches This issue is patched in [baremetal-operator PR#1241](https://github.com/metal3-io/baremetal-operator/pull/1241), and is included in BMO release 0.3.0 onwards. ### Workarounds User may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in [baremetal-operator PR#1241](https://github.com/metal3-io/baremetal-operator/pull/1241)
Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241.
Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0286: A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read...
Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1978-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a denial of service vulnerability.
An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. * CVE-2023-25725: A flaw was found in HAProxy's hea...
An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. * CVE-2023-25725: A flaw was found in HAProxy's hea...
Red Hat Security Advisory 2023-1888-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service and server-side request forgery vulnerabilities.
Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-1893-01 - Red Hat Multicluster Engine Hotfix Security Update for Console. Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29017: A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. * CVE-2023-29199: There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, al...
Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29017: A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. * CVE-2023-29199: There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, al...
Red Hat Multicluster Engine Hotfix Security Update for Console Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29017: A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. * CVE-2023-29199: There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, al...
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
Red Hat Security Advisory 2023-1817-01 - Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1817-01 - Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes. Issues addressed include a denial of service vulnerability.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
An update for haproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. * CVE-2023-25725: A flaw was found in HAProxy's headers processing that cause...
An update for haproxy is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0056: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. * CVE-2023-25725: A flaw was found in HAProxy's headers processing that cause...
Red Hat Security Advisory 2023-1646-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.11. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1646-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.11. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.12.11 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23524: A flaw was found in Helm, a tool for managing Charts, a pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption. Input to functions in the _strvals_ package could cause a stack overflow that is unrecoverable by Go....
Red Hat OpenShift Container Platform release 4.12.11 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23524: A flaw was found in Helm, a tool for managing Charts, a pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption. Input to functions in the _strvals_ package could cause a stack overflow that is unrecoverable by Go....
Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.
Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.
In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.
Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...
Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...
Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1639-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1504-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.34.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
OpenShift API for Data Protection (OADP) 1.1.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by a...
OpenShift API for Data Protection (OADP) 1.1.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by a...
Red Hat OpenShift Container Platform release 4.11.34 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to u...
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0361: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the v...
### Impact It was found that AppArmor, and potentially SELinux, can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. ### Patches Fixed in runc v1.1.5, by prohibiting symlinked `/proc`: https://github.com/opencontainers/runc/pull/3785 This PR fixes CVE-2023-27561 as well. ### Workarounds Avoid using an untrusted container image.
### Impact It was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) 2. or, when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare) A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. ### Patches v1.1.5 (planned) ### Workarounds - Condition 1: Unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. - Condition 2 (very rare): add `/sys/fs/cgroup` to `maskedPaths`
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection (schema, database, and table) are not sanitized when passed to the user-provided MSSQL database. A privileged attacker with the ability to write arbitrary data to Vault's configuration may modify these parameters to execute a malicious SQL command when the Vault configuration is applied. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `m...
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.
Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled docume...
Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Red Hat OpenShift Container Platform release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to us...
Red Hat Security Advisory 2023-1439-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
Red Hat Security Advisory 2023-1438-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding...
Red Hat OpenShift Container Platform release 4.12.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric...
Red Hat Security Advisory 2023-1281-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform. Issues addressed include a remote shell upload vulnerability.
An update for python-werkzeug is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25577: A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, reque...
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1199-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer overflow, double free, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1211-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include denial of service and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1211-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include denial of service and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1200-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Red Hat Security Advisory 2023-1159-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.31.
Ubuntu Security Notice 5948-1 - It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacker could possibly use this issue to cause Werkzeug to consume resources, leading to a denial of service.
An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0361: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially...
An update for lua is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. * CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can ha...
An update for lua is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. * CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can ha...
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...
An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certif...
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking an user to open a crafted malicious docker-desktop:// URL.
OpenShift Serverless version 1.27.1 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.
Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.
Logging Subsystem 5.6.3 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...
Red Hat Security Advisory 2023-1090-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0361: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the v...
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Red Hat Security Advisory 2023-0890-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.5. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat Security Advisory 2023-1018-01 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Issues addressed include a remote shell upload vulnerability.
Red Hat OpenShift Container Platform release 4.10.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeri...
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files cr...
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25577: A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses requ...
Red Hat OpenShift Container Platform release 4.12.5 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to cra...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. * CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script exec...
An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. * CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script exec...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4203: A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite...
Red Hat OpenShift Container Platform release 4.11.29 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to cr...
Red Hat Security Advisory 2023-0814-01 - The Cryostat 2 on RHEL 8 container images have been updated to fix "CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key" and to address the following security advisory: RHSA-2023:0625 Users of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. Issues addressed include bypass, code execution, and integer overflow vulnerabilities.
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue...
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Red Hat OpenShift Container Platform release 4.12.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric...
Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-0794-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container ent...
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
### Impact A bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. ### Patches This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. ### Workarounds Ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-",...
Debian Linux Security Advisory 5349-1 - Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library.
Red Hat Security Advisory 2023-0651-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution esigned for on-premise or private cloud deployments.
Red Hat Security Advisory 2023-0652-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.27. Issues addressed include denial of service and out of bounds read vulnerabilities.
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Debian Linux Security Advisory 5348-1 - Two vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which may result in denial of service, or bypass of access controls and routing rules via specially crafted requests.
Debian Linux Security Advisory 5348-1 - Two vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which may result in denial of service, or bypass of access controls and routing rules via specially crafted requests.
Ubuntu Security Notice 5869-1 - Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions.
Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
Red Hat Security Advisory 2023-0692-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0561-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an adversary to "read memory contents or enact a denial-of-service," the maintainers said in an advisory. The
The Migration Toolkit for Containers (MTC) 1.7.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43138: A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method. * CVE-2022-2879: A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw a...
A Helm contributor discovered an information disclosure vulnerability using the `getHostByName` template function. ### Impact `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. ### Patches The issue has been fixed in Helm 3.11.1. ### Workarounds Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. ### For more information Helm's security policy is spelled out in deta...
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the `d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.
The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions `PEM_read_bio()` and `PEM_read()` are simple wrappers around `PEM_read_bio_ex()` and therefore these functions are also directly affected. The...
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the `EVP_PKEY_public_check()` function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
A `NULL` pointer can be dereferenced when signatures are being verified on PKCS7 `signed` or `signedAndEnveloped` data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to lookup the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers.
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
Red Hat OpenShift Container Platform release 4.10.51 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...
Red Hat Security Advisory 2023-0639-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-0569-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-0570-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.2. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 5845-2 - USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service.
Red Hat Security Advisory 2023-0625-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-0624-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
An update for samba is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern e...
An update for samba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client...
Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. * CVE-2021-4238: A f...
Red Hat OpenShift Container Platform release 4.12.2 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Red Hat Security Advisory 2023-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.26.
Red Hat Security Advisory 2023-0594-01 - KSBA is a library to make X.509 certificates as well as the CMS easily accessible by other applications. Both specifications are building blocks of S/MIME and TLS. Issues addressed include code execution and integer overflow vulnerabilities.
An update for libksba is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
An update for libksba is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
An update for libksba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Red Hat OpenShift Container Platform release 4.11.26 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...
An update for libksba is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-47629: A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-0540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release.
Red Hat Security Advisory 2023-0449-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.1.
Red Hat Security Advisory 2022-9096-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include bypass and denial of service vulnerabilities.
The components for Red Hat OpenShift support for Windows Container 7.0.0 are now available. This product release includes bug fixes and a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-25749: kubelet: runAsNonRoot logic bypass for Windows containers * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter *...
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
Red Hat OpenShift Container Platform release 4.11.25 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7399-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-7398-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.0. Issues addressed include a denial of service vulnerability.
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-2879: golang: arc...
Red Hat OpenShift Container Platform release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
Red Hat OpenShift Container Platform release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...
Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: go-yaml: Denial of Service in go-yaml * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-2995: cri-o: incorrect handlin...
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.
Ubuntu Security Notice 5800-1 - It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2023-0096-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat Security Advisory 2022-9107-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.21. There are no RPM packages for this release. Space precludes documenting all of the container images in this advisory.
Red Hat OpenShift Container Platform release 4.11.21 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.
Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.
Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.
Red Hat OpenShift Container Platform release 4.11.20 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before pa...
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions...
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the _chartutil_ package that can cause a segmentation violation. Applications that use functions from the _chartutil_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with a schema file that causes a memory violation panic. Helm is not a long running service so the pani...
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the _repo_ package that can cause a segmentation violation. Applications that use functions from the _repo_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. ### Impact The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will no...
Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-8977-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
An update for dbus is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
An update for dbus is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
An update for dbus is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
Release of OpenShift Serverless 1.26.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
Red Hat Security Advisory 2022-8932-01 - Red Hat OpenShift Serverless Client kn 1.26.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.26.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks.
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.
Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays
Red Hat Security Advisory 2022-8827-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
Red Hat Security Advisory 2022-8812-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
An update for dbus is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42010: dbus: dbus-daemon crashes when receiving message with incorrectly nested parentheses and curly brackets * CVE-2022-42011: dbus: dbus-daemon can be crashed by messages with array length inconsistent with element type * CVE-2022-42012: dbus: `_dbus_marshal_byteswap` doesn't process fds in messages with "foreign" endianness co...
### Impact Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back. However, a flaw in the way this mechanism was implemented in the exporter toolkit makes it possible with people who know the hashed password to authenticate against Prometheus. A request can be forged by an attacker to poison the internal cache used to cache the computation of hashes and make subsequent requests successful. This cache is used in both happy and unhappy scenarios in order to limit side channel attacks that could tell an attacker if a user is present in the file or not. ### Patches The exporter-toolkit v0.7.3 and v0.8.2 have been released to address this issue. ### Workarounds There is no workaround but attacker must have access to the hashed password, stored in disk, to bypass the au...
Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
Red Hat Security Advisory 2022-8669-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2022-8663-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.
An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
An update for krb5 is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42898: krb5: integer overflow vulnerabilities in PAC parsing
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]
Debian Linux Security Advisory 5286-1 - Greg Hudson discovered integer overflow flaws in the PAC parsing in krb5, the MIT implementation of Kerberos, which may result in remote code execution (in a KDC, kadmin, or GSS or Kerberos application server process), information exposure (to a cross-realm KDC acting maliciously), or denial of service (KDC or kadmind process crash).
Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-8493-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-8492-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.
An update for python3.9 is now available for Red Hat Enterprise Linux 9 and Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42919: python: local privilege escalation via the multiprocessing forkserver start method
An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Extended Update Support, and Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42919: python: local privilege escalation via the multiprocessing forkserver start method
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2989: podman: possible information disclosure and modification * CVE-2022-2990: buildah: possible information disclosure and modification
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20291: containers/storage: DoS via malicious image * CVE-2021-33195: golang: net: lookup functions may return invalid host names * CVE-2021-33197: golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty * CVE-2021-33198: golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very l...
An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28851: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension * CVE-2020-28852: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag * CVE-2021-4024: podman: podman machine spawns gvproxy with port bound to all IPs * CVE-2021-20199: podman: Remote traffic to rootless containers is seen as orgin...
libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex.
Red Hat Security Advisory 2022-6882-01 - Openshift Logging 5.3.13 security and bug fix release.
An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags
Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-7822-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2989: podman: possible information disclosure and modification * CVE-2022-2990: buildah: possible information disclosure and modification
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-29162: runc: incorrect handling of inheritable capabilities
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...
Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.4, but users would need to make specific uncommo...
Ubuntu Security Notice 5713-1 - Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges.
Red Hat Security Advisory 2022-7216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. Issues addressed include code execution and memory leak vulnerabilities.
Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.
Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...
Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...
Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-25887: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS * CVE-2022-25896: passport: incorrect ses...
Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-25887: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS * CVE-2022-25896: passport: incorrect ses...
Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
Ubuntu Security Notice 5704-1 - It was discovered that DBus incorrectly handled messages with invalid type signatures. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus was incorrectly validating the length of arrays of fixed-length items. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service. It was discovered that DBus incorrectly handled the body DBus message with attached file descriptors. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.
An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2509: gnutls: Double free during gnutls_pkcs7_verify
Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Red Hat Security Advisory 2022-7024-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-7025-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a use-after-free vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service
Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6801-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6805-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.36. Issues addressed include a code execution vulnerability.
Red Hat OpenShift Container Platform release 4.8.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.8.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.8.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.8.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
Red Hat OpenShift Container Platform release 4.10.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat OpenShift Container Platform release 4.10.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat OpenShift Container Platform release 4.10.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat OpenShift Container Platform release 4.10.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Red Hat Security Advisory 2022-6854-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Issues addressed include a double free vulnerability.
An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
An update for gnutls and nettle is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2509: gnutls: Double free during gnutls_pkcs7_verify
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
Red Hat Security Advisory 2022-6834-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.
An update for expat is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-40674: expat: a use-after-free in the doContent function in xmlparse.c
Red Hat Security Advisory 2022-6780-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6780-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6779-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6778-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6781-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6781-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6763-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6763-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6763-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6764-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2022-6765-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a memory leak vulnerability.
An update for bind is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3080: bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
An update for bind is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Ubuntu Security Notice 5627-1 - It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
Ubuntu Security Notice 5627-1 - It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
Ubuntu Security Notice 5626-1 - Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker could possibly use this issue to reduce performance, leading to a denial of service. It was discovered that Bind incorrectly handled statistics requests. A remote attacker could possibly use this issue to obtain sensitive memory contents, or cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
Red Hat Security Advisory 2022-6602-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
By sending specific queries to the resolver, an attacker can cause named to crash.
An update for gnupg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34903: gpg: Signature spoofing via status line injection
Red Hat Security Advisory 2022-6527-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.0 RPMs.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Security Advisory 2022-6463-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
An update for gnupg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34903: gpg: Signature spoofing via status line injection
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...
Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-36067: vm2: Sandbox Escape in vm2
Red Hat Security Advisory 2022-6263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.61. Issues addressed include denial of service and out of bounds read vulnerabilities.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
Red Hat Security Advisory 2022-6182-01 - Openshift Logging Bug Fix Release. Issue addressed include a stack exhaustion vulnerability.
Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6370-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix security issues and several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6147-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6147-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6147-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6147-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.47. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaus...
Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Red Hat Security Advisory 2022-6184-01 - The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures.
Red Hat Security Advisory 2022-6170-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Red Hat Security Advisory 2022-6180-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Red Hat Security Advisory 2022-6171-01 - The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
An update for rsync is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
An update for rsync is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29154: rsync: remote arbitrary files write inside the directories of connecting peers
Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat OpenShift Container Platform release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6051-01 - An update is now available for RHOL-5.5-RHEL-8. Issues addressed include denial of service, man-in-the-middle, and out of bounds read vulnerabilities.
An update is now available for RHOL-5.5-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-0759: kubeclient: kubeconfig parsing error can lead to MITM attacks * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Gentoo Linux Security Advisory 202208-26 - Multiple vulnerabilities have been discovered in libarchive, the worst of which could result in arbitrary code execution. Versions less than 3.6.1 are affected.
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
Release of OpenShift Serverless 1.24.0 The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...
An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1785: vim: Out-of-bounds Write * CVE-2022-1897: vim: out-of-bounds write in vim_regsub_both() in regexp.c * CVE-2022-1927: vim: buffer over-read in utf_ptr2char() in mbyte.c
Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-5809-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.
An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1785: vim: Out-of-bounds Write * CVE-2022-1897: vim: out-of-bounds write in vim_regsub_both() in regexp.c * CVE-2022-1927: vim: buffer over-read in utf_ptr2char() in mbyte.c
An update for pcre2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Red Hat Security Advisory 2022-5531-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs.
Red Hat Security Advisory 2022-5704-01 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a privilege escalation vulnerability.
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29173: go-tuf: No protection against rollback attacks for roles other than root
Red Hat Security Advisory 2022-5673-01 - Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview. Issues addressed include a code execution vulnerability.
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-41103: containerd: insufficiently restricted permissions on container root and plugin directories * CVE-2021-43565: golang.org/x/crypto: empty plaintext packet causes panic * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.
Ubuntu Security Notice 5503-2 - USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24450: nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
Ubuntu Security Notice 5503-1 - Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Red Hat Security Advisory 2022-5251-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2022-5251-01 - The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. Issues addressed include an out of bounds read vulnerability.
Red Hat Security Advisory 2022-5252-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include an out of bounds read vulnerability.
An update for pcre2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c * CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An update for pcre2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c * CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An update for libarchive is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26280: libarchive: an out-of-bounds read via the component zipx_lzma_alone_init
Red Hat Security Advisory 2022-5153-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a cross site scripting vulnerability.
Red Hat Security Advisory 2022-5189-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug and security fixes.
Red Hat Security Advisory 2022-5052-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4994-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
An update for xz is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Red Hat Security Advisory 2022-4940-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws.
HashiCorp go-getter before 2.0.2 allows Command Injection.
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses.
HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing.
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).
Red Hat Security Advisory 2022-4667-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.10.1 RPMs. Issues addressed include a denial of service vulnerability.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1271: gzip: arbitrary-file-write vulnerability
Ubuntu Security Notice 5422-1 - Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)