RHSA-2022:4965: Red Hat Security Advisory: OpenShift Container Platform 4.7.53 packages and security update

Red Hat OpenShift Container Platform release 4.7.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

Published:

2022-06-16

Updated:

2022-06-16

RHSA-2022:4965 - Security Advisory

  • Overview
  • Updated Packages

Overview

Moderate: OpenShift Container Platform 4.7.53 packages and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.7.53 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory.

Security Fix(es):

  • cri-o: memory exhaustion on the node when access to the kube api (CVE-2022-1708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

  • BZ - 2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api

References

  • https://access.redhat.com/security/updates/classification/#moderate

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM

conmon-2.0.29-3.rhaos4.7.el8.src.rpm

SHA-256: 51b84cf5581bbdc2b4da8ad2ec37fa411327c993c0c1d925f66b3eea07b3f75d

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.src.rpm

SHA-256: cdfa822035f2697dd73d55afb6d6c123716411200561ae9d860279f54db398a7

cri-tools-1.20.0-4.el8.src.rpm

SHA-256: e3812a990ca9c28f70bd4bb6f860ae5f36a5cc45d344ee4144b7099776244ac3

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.src.rpm

SHA-256: e6b48f3974769d0494e5d6c825cccfea10fb700b1673ee9363841304d4e17152

x86_64

conmon-2.0.29-3.rhaos4.7.el8.x86_64.rpm

SHA-256: 1918c1dc7286b38def6d0c26d76d33e94f8f5a053f0c5536f70ac3d2ae6c8589

conmon-debuginfo-2.0.29-3.rhaos4.7.el8.x86_64.rpm

SHA-256: 9466a86d5f195226d9db60f77f1815cf9b4b9adce3ed5e8e297ba84d6077b0cf

conmon-debugsource-2.0.29-3.rhaos4.7.el8.x86_64.rpm

SHA-256: d2c3e10badd754884575b561a4d1f9b2f0e2696605006c61bf80d22fe6263e22

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.x86_64.rpm

SHA-256: 86905115d9c9d6b0b339349878028753e591c8cf4a0b1844b5bccf5966f55f07

cri-o-debuginfo-1.20.8-3.rhaos4.7.gitb9df556.el8.x86_64.rpm

SHA-256: e339898065913601fa65022532f3678cc2cee157d1c498d56a6dcf1596fa1bc5

cri-o-debugsource-1.20.8-3.rhaos4.7.gitb9df556.el8.x86_64.rpm

SHA-256: 446f372440329440b8b6094916a856f49e86333e57df1ecdcd8bd4c5c75817a5

cri-tools-1.20.0-4.el8.x86_64.rpm

SHA-256: 34fd4955f4431aae45d1c009436df1aa0f02af50d4cbbc40a3929e44bba3e0b1

cri-tools-debuginfo-1.20.0-4.el8.x86_64.rpm

SHA-256: 40ff6b732eb70f24507063dd15e202b23a9f4832bae9df28ff527f4f572f33aa

cri-tools-debugsource-1.20.0-4.el8.x86_64.rpm

SHA-256: 626e6adc2add8e494dfcec3b378f9f0df887ed79ecd01ca6c7a2ce6df8bd10c8

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.x86_64.rpm

SHA-256: 5e38ee5522182d44548f1744e6de378427b384606543346b3bbdffae622355b4

ignition-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.x86_64.rpm

SHA-256: 8d2ab23656b76ca81417ac02b6b39274858a12105e6e76b53665937f773032de

ignition-debugsource-2.9.0-5.rhaos4.7.git1d56dc8.el8.x86_64.rpm

SHA-256: 5036639dd3a6cc24cc18735ce53805af40efcb928c789f371685df086315a5f6

ignition-validate-2.9.0-5.rhaos4.7.git1d56dc8.el8.x86_64.rpm

SHA-256: fbedd707571000f6c17a46d46bfb98bb217ddbfa6e4ba6deb9574206846d20a8

ignition-validate-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.x86_64.rpm

SHA-256: e3d19c6c9c3ed3f6e88707617ac181b320e50bcf3c79f739f602f254828aa4fa

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM

conmon-2.0.29-3.rhaos4.7.el7.src.rpm

SHA-256: c4d19f0b453a7fc5b7431e6bed3060a7c68e1a62b61224c43cd9bbb6956990e3

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el7.src.rpm

SHA-256: 4256947ba066fd41073ab199cdb640e923ccf08a60879d09852ecdb05efcc11d

x86_64

conmon-2.0.29-3.rhaos4.7.el7.x86_64.rpm

SHA-256: 6f32bc2a5cec25bb7e981b4d7f5bee171c0a8a89cd593b29e7a19568b1f8a06d

conmon-debuginfo-2.0.29-3.rhaos4.7.el7.x86_64.rpm

SHA-256: b094e419f0e2ed691eaaa1780606c22c93a6121d1e269fcf6871f20b18ffca09

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el7.x86_64.rpm

SHA-256: 5d61a3d1c5d3b00e5ad7052ba1f6b4f74b5160a9cfbfe8053e5d46ea92a2ec80

cri-o-debuginfo-1.20.8-3.rhaos4.7.gitb9df556.el7.x86_64.rpm

SHA-256: d6517fba74db24f63afba414c56288d03274a7a2912674d2d392b080724b081b

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM

conmon-2.0.29-3.rhaos4.7.el8.src.rpm

SHA-256: 51b84cf5581bbdc2b4da8ad2ec37fa411327c993c0c1d925f66b3eea07b3f75d

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.src.rpm

SHA-256: cdfa822035f2697dd73d55afb6d6c123716411200561ae9d860279f54db398a7

cri-tools-1.20.0-4.el8.src.rpm

SHA-256: e3812a990ca9c28f70bd4bb6f860ae5f36a5cc45d344ee4144b7099776244ac3

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.src.rpm

SHA-256: e6b48f3974769d0494e5d6c825cccfea10fb700b1673ee9363841304d4e17152

ppc64le

conmon-2.0.29-3.rhaos4.7.el8.ppc64le.rpm

SHA-256: e464d0fd2a7ce383d1fb28e96673b217e2c54674ded65a019064e8510d5e1bca

conmon-debuginfo-2.0.29-3.rhaos4.7.el8.ppc64le.rpm

SHA-256: 0265e580e7a32712daf647ad82b1634f1b4d28bc56d169e7110f8058e53d79c9

conmon-debugsource-2.0.29-3.rhaos4.7.el8.ppc64le.rpm

SHA-256: 4cb590c5b747e5163b0f1511859bb40fe50ac571326b196ee1462d92463c2142

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.ppc64le.rpm

SHA-256: fe33e1c4696462bf8a6d7d550c9709e46d0d3cee177c041d187aa57ded956d7c

cri-o-debuginfo-1.20.8-3.rhaos4.7.gitb9df556.el8.ppc64le.rpm

SHA-256: 40c885053ffd06f28e9967ae5ec4006d8ed72a04448b34052758d14f513b030c

cri-o-debugsource-1.20.8-3.rhaos4.7.gitb9df556.el8.ppc64le.rpm

SHA-256: 1711f658f86d04bafd383f34968077549abf1ae6dfa569372f74ab39dc5dbb17

cri-tools-1.20.0-4.el8.ppc64le.rpm

SHA-256: 4a4884553d8810b325cf3aa23caac566b8a08a206c5e57323a7fff619cd42038

cri-tools-debuginfo-1.20.0-4.el8.ppc64le.rpm

SHA-256: 8376fe838e80530639d70e2214b09ae2e0e95356645ab9faece4c4b6d53d1297

cri-tools-debugsource-1.20.0-4.el8.ppc64le.rpm

SHA-256: 0915b44f5ed0199ef241c6388e184d82fa88a6253108f9b2cbe5e76125db3113

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.ppc64le.rpm

SHA-256: e93e86c232af7c2c7e1526e2cb40321dfeee9de0e4e0291e86dedfac2cff79d1

ignition-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.ppc64le.rpm

SHA-256: 9534feda14944951bcc78ee0196acbbb235c6784cb41d1be4be6698005c4ccd5

ignition-debugsource-2.9.0-5.rhaos4.7.git1d56dc8.el8.ppc64le.rpm

SHA-256: 64dd160cab586508448b65a03ea288370f7180675dfa4da7e8f50e6033217609

ignition-validate-2.9.0-5.rhaos4.7.git1d56dc8.el8.ppc64le.rpm

SHA-256: 76df52c936115b10a78243954b18da342910c709b764c4d3280e058369e39ef8

ignition-validate-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.ppc64le.rpm

SHA-256: 5aa4db8646a4b6e585bab418eec76cdd2d53b81c329ea4e595011e25f5d35378

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM

conmon-2.0.29-3.rhaos4.7.el8.src.rpm

SHA-256: 51b84cf5581bbdc2b4da8ad2ec37fa411327c993c0c1d925f66b3eea07b3f75d

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.src.rpm

SHA-256: cdfa822035f2697dd73d55afb6d6c123716411200561ae9d860279f54db398a7

cri-tools-1.20.0-4.el8.src.rpm

SHA-256: e3812a990ca9c28f70bd4bb6f860ae5f36a5cc45d344ee4144b7099776244ac3

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.src.rpm

SHA-256: e6b48f3974769d0494e5d6c825cccfea10fb700b1673ee9363841304d4e17152

s390x

conmon-2.0.29-3.rhaos4.7.el8.s390x.rpm

SHA-256: da1fd9ad6e098f2c16c6eaf3ca355195beae91f10e49694ff10f2f38200232e6

conmon-debuginfo-2.0.29-3.rhaos4.7.el8.s390x.rpm

SHA-256: 07c833ae047844fb605365229b78ca8695654624d706153ada32d003a6f8cdc4

conmon-debugsource-2.0.29-3.rhaos4.7.el8.s390x.rpm

SHA-256: e314c65049e6eecdbd64b098931878ba43cbd3c7d953e4ecf56a473d9d5d0e3d

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.s390x.rpm

SHA-256: 080d78e7aaae16c0afb216743246ba3bde677479cef2d981bc3281ac3ae2bed1

cri-o-debuginfo-1.20.8-3.rhaos4.7.gitb9df556.el8.s390x.rpm

SHA-256: fb8cc50f222b0297ee37b0d15deb1f319cf277c08812295350f2a646314016d9

cri-o-debugsource-1.20.8-3.rhaos4.7.gitb9df556.el8.s390x.rpm

SHA-256: 9154a0c67b6ee71ae9076938aa3a2be3d9178fbdecc4aef8923917845b1b906b

cri-tools-1.20.0-4.el8.s390x.rpm

SHA-256: 349aeb4cac8408629a1e0d5718519d5a1985602b39af3befbf9e4c117528aa5c

cri-tools-debuginfo-1.20.0-4.el8.s390x.rpm

SHA-256: 853ab04ec16850aa16939ad9d8836c5d7710af84306f924ececb6581b262cd25

cri-tools-debugsource-1.20.0-4.el8.s390x.rpm

SHA-256: 3ff8a89188e01009ce1d7bfe74018b68bdad65afcf38ec4c46376cdcb7196d0c

ignition-2.9.0-5.rhaos4.7.git1d56dc8.el8.s390x.rpm

SHA-256: 060ec1d259fe4d3b611dbfd1a967bb84bcf3bb50e75d0216a8d7e06c3f9d2aca

ignition-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.s390x.rpm

SHA-256: 9d3760845d8784f9c9afadd13b575dbddf14adaf4f9dd6c2df79abad25bf1198

ignition-debugsource-2.9.0-5.rhaos4.7.git1d56dc8.el8.s390x.rpm

SHA-256: 50fc8d6a31d36dd73630dceeb40768b1c16d9b78cd223d479f2720ddfe17f89f

ignition-validate-2.9.0-5.rhaos4.7.git1d56dc8.el8.s390x.rpm

SHA-256: 0c2eb514d86a19b0bb2281a65c1b275a44df9d85976f63e2013cbfa97997ef89

ignition-validate-debuginfo-2.9.0-5.rhaos4.7.git1d56dc8.el8.s390x.rpm

SHA-256: cf38ced4495298d49d9798769354d66082a02d03aa9122b30cd0c4f23c298b84
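The listing above pairs every RPM with its SHA-256 digest, which is what lets an operator confirm that a package pulled from a mirror or a local cache is the one this advisory ships. The following Go program is an added example, not Red Hat's tooling: it parses a listing in exactly the advisory's "file name / SHA-256: digest" layout and checks local copies against it, streaming each file through the hash so a large RPM is never held in memory at once. The two entries in sampleManifest are copied from this advisory; the directory path, the command-line usage and the failure-reason strings are assumptions of the example.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// sampleManifest is an excerpt of this advisory's listing, in the same layout
// the advisory uses: a package file name followed by its "SHA-256:" line.
const sampleManifest = `
conmon-2.0.29-3.rhaos4.7.el8.x86_64.rpm

SHA-256: 1918c1dc7286b38def6d0c26d76d33e94f8f5a053f0c5536f70ac3d2ae6c8589

cri-o-1.20.8-3.rhaos4.7.gitb9df556.el8.x86_64.rpm

SHA-256: 86905115d9c9d6b0b339349878028753e591c8cf4a0b1844b5bccf5966f55f07
`

// parseAdvisoryManifest turns that layout into a file name -> expected digest map.
// Lines that are neither a ".rpm" name nor a "SHA-256:" line are ignored.
func parseAdvisoryManifest(text string) map[string]string {
	want := make(map[string]string)
	var pending string // the most recent package name awaiting its digest
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case strings.HasPrefix(line, "SHA-256:"):
			if pending != "" {
				digest := strings.TrimSpace(strings.TrimPrefix(line, "SHA-256:"))
				want[pending] = strings.ToLower(digest)
				pending = ""
			}
		case strings.HasSuffix(line, ".rpm"):
			pending = line
		}
	}
	return want
}

// sha256File streams the file through SHA-256, so even a large RPM is never
// loaded into memory at once.
func sha256File(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// verifyDir compares every manifest entry with the copy in dir and returns the
// failures keyed by file name; the reason strings are this example's own.
func verifyDir(dir string, want map[string]string) map[string]string {
	failed := make(map[string]string)
	for name, expected := range want {
		got, err := sha256File(filepath.Join(dir, name))
		switch {
		case err != nil:
			failed[name] = "missing or unreadable"
		case got != expected:
			failed[name] = "digest mismatch"
		}
	}
	return failed
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: verify <manifest.txt> <rpm-dir>")
		os.Exit(2)
	}
	data, err := os.ReadFile(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	failed := verifyDir(os.Args[2], parseAdvisoryManifest(string(data)))
	for name, reason := range failed {
		fmt.Printf("FAIL %s: %s\n", name, reason)
	}
	if len(failed) > 0 {
		os.Exit(1)
	}
	fmt.Println("all packages match the advisory")
}
```

A missing file is reported as a failure rather than skipped, since an absent package is as much a deviation from the advisory as a wrong digest; the digest comparison is on lower-cased hex so a manifest copied with upper-case hashes still verifies.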

The Red Hat security contact is [email protected]. More contact details are available at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-7529-01

Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.

RHSA-2022:7469: Red Hat Security Advisory: container-tools:4.0 security and bug fix update

An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-29162: runc: incorrect handling of inheritable capabilities

RHSA-2022:7457: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...

Red Hat Security Advisory 2022-5392-01

Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.

RHSA-2022:5392: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...

Red Hat Security Advisory 2022-4999-01

Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.

RHSA-2022:4999: Red Hat Security Advisory: OpenShift Container Platform 3.11.715 packages and security update

Red Hat OpenShift Container Platform release 3.11.715 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

Red Hat Security Advisory 2022-4947-01

Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2022-4951-01

Red Hat Security Advisory 2022-4951-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.43. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2022-4965-01

Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2022-4943-01

Red Hat Security Advisory 2022-4943-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.18. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2022-4972-01

Red Hat Security Advisory 2022-4972-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.38. Issues addressed include a memory exhaustion vulnerability.

RHSA-2022:4947: Red Hat Security Advisory: OpenShift Container Platform 4.6.59 security update

Red Hat OpenShift Container Platform release 4.6.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29046: subversion: Stored XSS vu...

RHSA-2022:4951: Red Hat Security Advisory: OpenShift Container Platform 4.8.43 packages and security update

Red Hat OpenShift Container Platform release 4.8.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

RHSA-2022:4972: Red Hat Security Advisory: OpenShift Container Platform 4.9.38 packages and security update

Red Hat OpenShift Container Platform release 4.9.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

RHSA-2022:4943: Red Hat Security Advisory: OpenShift Container Platform 4.10.18 packages and security update

Red Hat OpenShift Container Platform release 4.10.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api

CVE-2022-1708: Merge pull request from GHSA-fcm2-6c3h-pg6j · cri-o/cri-o@f032cf6

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

GHSA-fcm2-6c3h-pg6j: Node DOS by way of memory exhaustion through ExecSync request in CRI-O

Description

An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI-O then reads the output and returns it to the Kubelet. If the output of the command is large enough, it is possible to exhaust the memory (or disk usage) of the node. The following deployment is an example yaml file that will output around 8GB of 'A' characters, which would be written to disk by conmon and read by CRI-O.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment100
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        lifecycle:
          postStart:
            exec:
              command: ["/bin/s...
```
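Both the CVE text and the GHSA description above trace the problem to one step: CRI-O reads the entire output file that conmon wrote, however large it is, so the size of a probe's output becomes the size of the node's memory cost. The following Go program is an added illustration, not CRI-O's code or its actual fix: it contrasts an unbounded io.ReadAll with a capped read that keeps at most a fixed number of bytes and reports truncation, and shows removing the output file once it has been read so the disk is reclaimed as well. The 1 MiB cap, the function names and the error value are assumptions of the example; the limit a real runtime should use depends on how much probe output the kubelet needs.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
)

// maxExecSyncOutput is an assumed cap (not CRI-O's real value) on how many bytes
// of an ExecSync command's output the runtime is willing to hold in memory.
const maxExecSyncOutput = 1 << 20 // 1 MiB

// ErrOutputTruncated reports that the command produced more than the cap.
var ErrOutputTruncated = errors.New("exec output exceeded limit and was truncated")

// readAllUnbounded mirrors the pattern the advisory describes: the whole
// output file is slurped into memory, however large it is.
func readAllUnbounded(r io.Reader) ([]byte, error) {
	return io.ReadAll(r)
}

// readBounded keeps at most limit bytes and reports whether more was available,
// so a huge output costs the node at most limit bytes of memory.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	// Read one byte past the limit to distinguish "exactly limit" from "over".
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return buf[:limit], ErrOutputTruncated
	}
	return buf, nil
}

// readExecOutputFile reads the file conmon wrote with the cap applied and then
// removes it, so disk space is reclaimed no matter how much the command printed.
func readExecOutputFile(path string, limit int64) ([]byte, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	out, readErr := readBounded(f, limit)
	f.Close()
	if rmErr := os.Remove(path); rmErr != nil && readErr == nil {
		readErr = rmErr
	}
	return out, readErr
}

func main() {
	// Constructed stand-in for a runaway probe: 8 MiB of 'A' (the advisory's
	// example produces about 8 GB, far more than a node should ever buffer).
	huge := bytes.Repeat([]byte("A"), 8<<20)

	all, _ := readAllUnbounded(bytes.NewReader(huge))
	fmt.Printf("unbounded read kept %d bytes in memory\n", len(all))

	out, err := readBounded(bytes.NewReader(huge), maxExecSyncOutput)
	fmt.Printf("bounded read kept %d bytes, err=%v\n", len(out), err)
	if errors.Is(err, ErrOutputTruncated) {
		fmt.Fprintln(os.Stderr, "warning: probe output truncated at cap")
	}
}
```

Returning a sentinel error alongside the truncated bytes lets the caller still hand the kubelet a usable prefix of the probe output while logging that the container exceeded the cap, which is also the signal a detection rule would key on for a workload whose probes are producing abnormal amounts of output.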