RHSA-2022:9110: Red Hat Security Advisory: OpenShift Container Platform 4.9.54 packages and security update
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Issued:
2023-01-06
Updated:
2023-01-06
RHSA-2022:9110 - Security Advisory
Synopsis
Important: OpenShift Container Platform 4.9.54 packages and security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.54. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:9111
Security Fix(es):
- jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin (CVE-2022-34177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64
Fixes
- BZ - 2103551 - CVE-2022-34177 jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Red Hat OpenShift Container Platform 4.9 for RHEL 8
SRPM
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm
jenkins-2.361.1.1669892772-1.el8.src.rpm
openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm
x86_64
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm
cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm
cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm
jenkins-2.361.1.1669892772-1.el8.noarch.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.x86_64.rpm
openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.x86_64.rpm
Red Hat OpenShift Container Platform 4.9 for RHEL 7
SRPM
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el7.src.rpm
openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el7.src.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.src.rpm
x86_64
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el7.x86_64.rpm
cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el7.x86_64.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.x86_64.rpm
openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el7.x86_64.rpm
Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8
SRPM
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm
jenkins-2.361.1.1669892772-1.el8.src.rpm
openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm
ppc64le
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm
cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm
cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm
jenkins-2.361.1.1669892772-1.el8.noarch.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.ppc64le.rpm
openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.ppc64le.rpm
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8
SRPM
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm
jenkins-2.361.1.1669892772-1.el8.src.rpm
openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm
s390x
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm
cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm
cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm
jenkins-2.361.1.1669892772-1.el8.noarch.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.s390x.rpm
openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.s390x.rpm
Red Hat OpenShift Container Platform for ARM 64 4.9
SRPM
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm
jenkins-2.361.1.1669892772-1.el8.src.rpm
openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm
aarch64
cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm
cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm
cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm
jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm
jenkins-2.361.1.1669892772-1.el8.noarch.rpm
openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.aarch64.rpm
openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.aarch64.rpm
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.
Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.