RHSA-2022:9110: Red Hat Security Advisory: OpenShift Container Platform 4.9.54 packages and security update

Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin
Red Hat Security Data

Issued: 2023-01-06

Updated: 2023-01-06

RHSA-2022:9110 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.9.54 packages and security update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 4.9.54 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.54. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2022:9111

Security Fix(es):

  • jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin (CVE-2022-34177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 2103551 - CVE-2022-34177 jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

Red Hat OpenShift Container Platform 4.9 for RHEL 8

SRPM

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm

jenkins-2.361.1.1669892772-1.el8.src.rpm

openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm

x86_64

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm

cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm

cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.x86_64.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm

jenkins-2.361.1.1669892772-1.el8.noarch.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.x86_64.rpm

openshift-clients-redistributable-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.x86_64.rpm

openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.9 for RHEL 7

SRPM

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el7.src.rpm

openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el7.src.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.src.rpm

x86_64

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el7.x86_64.rpm

cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el7.x86_64.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.x86_64.rpm

openshift-clients-redistributable-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el7.x86_64.rpm

openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8

SRPM

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm

jenkins-2.361.1.1669892772-1.el8.src.rpm

openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm

ppc64le

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm

cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm

cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.ppc64le.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm

jenkins-2.361.1.1669892772-1.el8.noarch.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.ppc64le.rpm

openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.ppc64le.rpm

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8

SRPM

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm

jenkins-2.361.1.1669892772-1.el8.src.rpm

openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm

s390x

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm

cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm

cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.s390x.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm

jenkins-2.361.1.1669892772-1.el8.noarch.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.s390x.rpm

openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.s390x.rpm

Red Hat OpenShift Container Platform for ARM 64 4.9

SRPM

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.src.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.src.rpm

jenkins-2.361.1.1669892772-1.el8.src.rpm

openshift-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.src.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.src.rpm

aarch64

cri-o-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm

cri-o-debuginfo-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm

cri-o-debugsource-1.22.5-16.rhaos4.9.git88e9cdc.el8.aarch64.rpm

jenkins-2-plugins-4.9.1669894222-1.el8.noarch.rpm

jenkins-2.361.1.1669892772-1.el8.noarch.rpm

openshift-clients-4.9.0-202212060855.p0.g88cfeb4.assembly.stream.el8.aarch64.rpm

openshift-hyperkube-4.9.0-202211302226.p0.gc763d11.assembly.stream.el8.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-9111-01

Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6531-01

Red Hat Security Advisory 2022-6531-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.33.

RHSA-2022:6531: Red Hat Security Advisory: OpenShift Container Platform 4.10.33 packages and security update

Red Hat OpenShift Container Platform release 4.10.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-34177: jenkins-plugin: Arbitrary file write vulnerability in Pipeline Input Step Plugin

CVE-2022-34207: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-34200: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-34180: Jenkins Security Advisory 2022-06-22

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

CVE-2022-34182: Jenkins Security Advisory 2022-06-22

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2022-34213: Jenkins Security Advisory 2022-06-22

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVE-2022-34176: Jenkins Security Advisory 2022-06-22

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

CVE-2022-34179: Jenkins Security Advisory 2022-06-22

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.

CVE-2022-34211: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL.