Headline
RHSA-2022:4943: Red Hat Security Advisory: OpenShift Container Platform 4.10.18 packages and security update
Red Hat OpenShift Container Platform release 4.10.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-06-13
Updated:
2022-06-13
RHSA-2022:4943 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: OpenShift Container Platform 4.10.18 packages and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.10.18 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.18. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:4944
Security Fix(es):
- cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform 4.10 for RHEL 8
SRPM
conmon-2.0.29-3.rhaos4.10.el8.src.rpm
SHA-256: a6eea4a0a3992e13022cc277944d25255813608a54a5357e898d9d22c63e3b1e
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.src.rpm
SHA-256: b630a7fccc6fa5ba132fa139e767b3a438412ce275a555881b827319b86757af
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.src.rpm
SHA-256: 50969011fba6ea3518eebf9576791efbe7fb30c24648d82286f6e37eb017da84
x86_64
conmon-2.0.29-3.rhaos4.10.el8.x86_64.rpm
SHA-256: b40ad8b756b8b8410e3aa5f285bc85b413b4d66de98710485fb3e95dd48d6589
conmon-debuginfo-2.0.29-3.rhaos4.10.el8.x86_64.rpm
SHA-256: 224fded625940cd9fb7fe9d2bc4a42108b422c5519a9b952d631086c691acf76
conmon-debugsource-2.0.29-3.rhaos4.10.el8.x86_64.rpm
SHA-256: 97dba8f7e107907d476b8d026fd91e63b85cc7e0cf7455799172e4d8c0b61ad3
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.x86_64.rpm
SHA-256: 7bcc34b75c4a34a764456668fd2dee5689d97b072e13ed8b92a26050a7b185bd
cri-o-debuginfo-1.23.3-3.rhaos4.10.git5fe1720.el8.x86_64.rpm
SHA-256: c6a78019c7c01cc13925b2e3ecf2cd18a21e456fcea6d4843f31fe85d48ec0ac
cri-o-debugsource-1.23.3-3.rhaos4.10.git5fe1720.el8.x86_64.rpm
SHA-256: b821d15b7349314f8a5dbfdfff2562305112646644d31ac27961cef40aae30fb
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: 52d67d01121b5c3a4da51ed38a58917f5ce6484dfa3d691cf6fc5e2682648eaf
python3-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: cf1828e2bd13c92f7f31a8a418e884f361f5dd875e92b6b7a1c8a24cc8d40f83
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8
SRPM
conmon-2.0.29-3.rhaos4.10.el8.src.rpm
SHA-256: a6eea4a0a3992e13022cc277944d25255813608a54a5357e898d9d22c63e3b1e
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.src.rpm
SHA-256: b630a7fccc6fa5ba132fa139e767b3a438412ce275a555881b827319b86757af
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.src.rpm
SHA-256: 50969011fba6ea3518eebf9576791efbe7fb30c24648d82286f6e37eb017da84
ppc64le
conmon-2.0.29-3.rhaos4.10.el8.ppc64le.rpm
SHA-256: 5f07291ca3ce48bc01aee65a0f36b64abbba7fef879ce319ddcd2a2c74b8f94f
conmon-debuginfo-2.0.29-3.rhaos4.10.el8.ppc64le.rpm
SHA-256: d3ce570a3d4ee44f82acbe25a25d187ecfdf580025c22078cda73dfb3dff4aba
conmon-debugsource-2.0.29-3.rhaos4.10.el8.ppc64le.rpm
SHA-256: bd6b92fa8ec5695937f45a9c741199dc2635f2c12e38f1b4c56395e153f65e5d
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.ppc64le.rpm
SHA-256: 75a995a0b935cf0fee6e53c64549446baab2530402840c3a4f7e0ee2941579b8
cri-o-debuginfo-1.23.3-3.rhaos4.10.git5fe1720.el8.ppc64le.rpm
SHA-256: 2101517a1d2c2ec8b4cdd55160a5ae2275d662beca7557b51e4a9db77bd335be
cri-o-debugsource-1.23.3-3.rhaos4.10.git5fe1720.el8.ppc64le.rpm
SHA-256: bb11dbcb8f9130c712397b9495ca30c818da7f39acc56aa5357fa7384a690111
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: 52d67d01121b5c3a4da51ed38a58917f5ce6484dfa3d691cf6fc5e2682648eaf
python3-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: cf1828e2bd13c92f7f31a8a418e884f361f5dd875e92b6b7a1c8a24cc8d40f83
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8
SRPM
conmon-2.0.29-3.rhaos4.10.el8.src.rpm
SHA-256: a6eea4a0a3992e13022cc277944d25255813608a54a5357e898d9d22c63e3b1e
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.src.rpm
SHA-256: b630a7fccc6fa5ba132fa139e767b3a438412ce275a555881b827319b86757af
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.src.rpm
SHA-256: 50969011fba6ea3518eebf9576791efbe7fb30c24648d82286f6e37eb017da84
s390x
conmon-2.0.29-3.rhaos4.10.el8.s390x.rpm
SHA-256: d8e802704775b5a28a83a95177c71462f74fa168dbdfab1f3d63350cc7d74748
conmon-debuginfo-2.0.29-3.rhaos4.10.el8.s390x.rpm
SHA-256: 939143a323b2fc2a36c42088b208438ae49a63c987c6c51ab0b56ac6eba6b5d8
conmon-debugsource-2.0.29-3.rhaos4.10.el8.s390x.rpm
SHA-256: a75785b926f51a304c6a5ede0851bb2289ef26210a36e7636bcd16312e2a426c
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.s390x.rpm
SHA-256: 269e4c10a502d5ec16cab9474a0a3e732dfb493080c62f07167dec7389af753c
cri-o-debuginfo-1.23.3-3.rhaos4.10.git5fe1720.el8.s390x.rpm
SHA-256: 3e3268b7f6a4962c533fdfc3621b27ec2863efa3050fe0031500a64a4eb36903
cri-o-debugsource-1.23.3-3.rhaos4.10.git5fe1720.el8.s390x.rpm
SHA-256: 3a070d5b8c1de94e012af468f2226b021591cde2de208e36b3f0e9b3b4b6eae3
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: 52d67d01121b5c3a4da51ed38a58917f5ce6484dfa3d691cf6fc5e2682648eaf
python3-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: cf1828e2bd13c92f7f31a8a418e884f361f5dd875e92b6b7a1c8a24cc8d40f83
Red Hat OpenShift Container Platform for ARM 64 4.10
SRPM
conmon-2.0.29-3.rhaos4.10.el8.src.rpm
SHA-256: a6eea4a0a3992e13022cc277944d25255813608a54a5357e898d9d22c63e3b1e
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.src.rpm
SHA-256: b630a7fccc6fa5ba132fa139e767b3a438412ce275a555881b827319b86757af
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.src.rpm
SHA-256: 50969011fba6ea3518eebf9576791efbe7fb30c24648d82286f6e37eb017da84
aarch64
conmon-2.0.29-3.rhaos4.10.el8.aarch64.rpm
SHA-256: e81649039cc231a38ba475641c542a60e3cf9b1ba4e85eca0a137f46f3455b99
conmon-debuginfo-2.0.29-3.rhaos4.10.el8.aarch64.rpm
SHA-256: 34a7a57a59cc2a07ebc51ef3144ec3ffd6c27f74a4f111c8f7ea9613ce5dbaf8
conmon-debugsource-2.0.29-3.rhaos4.10.el8.aarch64.rpm
SHA-256: 0dcaa275c17967a2b6fe53dd49c56859368cc7fa896ee50ba76a2dd2e2495e5d
cri-o-1.23.3-3.rhaos4.10.git5fe1720.el8.aarch64.rpm
SHA-256: b61821d90a6c0bf6859ae46bff349556058302c5e2b49179c0d0dac930bab657
cri-o-debuginfo-1.23.3-3.rhaos4.10.git5fe1720.el8.aarch64.rpm
SHA-256: 518b853e64df85c519617aad2ab3a652ce43f3eb74061ff72c7b6e7ab9481a6f
cri-o-debugsource-1.23.3-3.rhaos4.10.git5fe1720.el8.aarch64.rpm
SHA-256: 3e11d50300aea4484a0f59992a20ec3234d2ac0810a394ce14b58805322ed803
openstack-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: 52d67d01121b5c3a4da51ed38a58917f5ce6484dfa3d691cf6fc5e2682648eaf
python3-ironic-python-agent-8.3.1-0.20220606104811.3c9b113.el8.noarch.rpm
SHA-256: cf1828e2bd13c92f7f31a8a418e884f361f5dd875e92b6b7a1c8a24cc8d40f83
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-29162: runc: incorrect handling of inheritable capabilities
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...
Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.
Red Hat OpenShift Container Platform release 3.11.715 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-4951-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.43. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4943-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.18. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4972-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.38. Issues addressed include a memory exhaustion vulnerability.
Red Hat OpenShift Container Platform release 4.6.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29046: subversion: Stored XSS vu...
Red Hat OpenShift Container Platform release 4.8.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.7.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.9.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
### Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI-O then reads the output and returns it to the Kubelet. If the output of the command is large enough, it is possible to exhaust the memory (or disk usage) of the node. The following deployment is an example yaml file that will output around 8GB of ‘A’ characters, which would be written to disk by conmon and read by CRI-O. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment100 spec: selector: matchLabels: app: nginx replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 lifecycle: postStart: exec: command: ["/bin/s...