Headline
RHSA-2023:4674: Red Hat Security Advisory: OpenShift Container Platform 4.12.30 packages and security update
Red Hat OpenShift Container Platform release 4.12.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-27664: A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-08-23
Updated:
2023-08-23
RHSA-2023:4674 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: OpenShift Container Platform 4.12.30 packages and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.12.30 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.30. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:4671
Security Fix(es):
- golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
- Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
- Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64
Fixes
- BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
Red Hat OpenShift Container Platform 4.12 for RHEL 9
SRPM
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm
SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646
x86_64
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.x86_64.rpm
SHA-256: 58972c8e8820c98114b70be013aef4f13fe482f1be75705dbc16ce1b83395da9
openshift-clients-redistributable-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.x86_64.rpm
SHA-256: 72166540b49c654ee9cfacf8cef367425120b8d295d88c57482a1e22a63688d4
Red Hat OpenShift Container Platform 4.12 for RHEL 8
SRPM
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm
SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm
SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd
x86_64
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm
SHA-256: 5343b2147dd6122f9fe3b6aaad3b747943c0597eb7c13a2b07ebe3b1f4450c5a
cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm
SHA-256: 1ffc77174da19cad2b6ce99f562feaa684e2862e1c6e988fcc1c3574fd076ed8
cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.x86_64.rpm
SHA-256: f88b45cde47ce69c2857678fa70cce73ae08f529497c390a153f5314822504b5
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.x86_64.rpm
SHA-256: aa08ab8aab47806ae1afa2c8b36efaa8eb330906738f6850291d8e5f81cf704f
openshift-clients-redistributable-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.x86_64.rpm
SHA-256: 1d644654c028672b7d92eec16732536aa1f7f9ea89dc9cf4536b50ee127e94fb
Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9
SRPM
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm
SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646
ppc64le
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.ppc64le.rpm
SHA-256: 9153a79ffb0dc341cb2419c14bc856a11468d697037bedd40168cc4949c23cd6
Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8
SRPM
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm
SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm
SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd
ppc64le
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm
SHA-256: c1b09e73c0017823d8c81efefebc48a55521ad0d9a598528d580c7f409b6be24
cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm
SHA-256: 1ce60698d869cbecabc6dd026e59634259ce4236e0401e24d42e5e23a1541f62
cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.ppc64le.rpm
SHA-256: d76f558cb92b3126af795aee9e784c440d85cc08b63474394774133a64471ffd
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.ppc64le.rpm
SHA-256: b5db7f9f57cc33e7d505c9ee5b5728bd36a660a3a219d0fc372254cb39016c37
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9
SRPM
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm
SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646
s390x
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.s390x.rpm
SHA-256: ae6c07d342a6fc8852e5569a2f859de488434d3760b44ed390807cf2e7b0010f
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8
SRPM
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm
SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm
SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd
s390x
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm
SHA-256: dbb3455f7508eabc9c92abc233ec2411deb2581170abab35aa5bdcd2ae76b7af
cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm
SHA-256: d006a7be10403b3a28b335e5a609f055b13cf88c31f35b98db5580f05c3d29be
cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.s390x.rpm
SHA-256: f08d061dc3c231f4d4c4dea054593dbaa883ba65d2e9ec9f24d023e195c0dc0f
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.s390x.rpm
SHA-256: 990fb3f046644c31b857b885f6a7e372f482b803791a86db289e78d2cc160505
Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9
SRPM
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.src.rpm
SHA-256: ea303f0721041040a6d2231ca9b8b5642bcf3a8579adc9b32b258c1061852646
aarch64
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el9.aarch64.rpm
SHA-256: c0bab9c7f7e9a13b6a1b86eaeb79c10c6fe73cb6f2d609a24482987de55dac16
Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8
SRPM
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.src.rpm
SHA-256: 581aaefdc5646ee558e1ebc1ec46491ea6b77bf4870c72de61caf6cc77f93a57
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.src.rpm
SHA-256: f045db67544b7d3b5b71f3bd3e3f918e03c3c3a6776011e57c7010ab41cd23dd
aarch64
cri-o-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm
SHA-256: 910c284f477e0064f70a6b36407005128ee26c4e96e1365d62d912a4f89af143
cri-o-debuginfo-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm
SHA-256: 6c8c760e5390787f69affbcc0a9db52d78a93d5c48f604f18a4f0c22d134afea
cri-o-debugsource-1.25.4-4.rhaos4.12.gitb9319a2.el8.aarch64.rpm
SHA-256: a03d3253bf9cf84ac08f6c731bda10acdb9cae7364828976cfc7839c6befc281
openshift-clients-4.12.0-202308151125.p0.gf61957e.assembly.stream.el8.aarch64.rpm
SHA-256: 23036f50f40c5bd96fa25da3a1dff589ce18f91269e30eac2b45fd158d4c82ae
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6038-2 - USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
Red Hat Security Advisory 2023-4731-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.10.
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-42581: A flaw was found in the Ramda NPM package that involves prototype poisoning. This flaw allows attackers to supply a crafted object, affecting the integrity or availability of the application. * CVE-2022-1650: A flaw was found in the EventSource NPM Package. The description from the source states the following messa...
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy saniti...
Red Hat Security Advisory 2023-1042-01 - Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.
Red Hat Security Advisory 2023-0708-01 - Red Hat OpenShift Serverless Client kn 1.27.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.27.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Red Hat Security Advisory 2023-0709-01 - Version 1.27.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.8, 4.9, 4.10, 4.11 and 4.12. This release includes security and bug fixes, and enhancements.
Red Hat Security Advisory 2023-0693-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...
Red Hat Security Advisory 2022-8634-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...