Headline
RHSA-2022:2263: Red Hat Security Advisory: OpenShift Container Platform 4.6.58 packages and security update
Red Hat OpenShift Container Platform release 4.6.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1227: psgo: Privilege escalation in ‘podman top’
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-05-26
Updated:
2022-05-26
RHSA-2022:2263 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: OpenShift Container Platform 4.6.58 packages and security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.6.58 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:2264
Security Fix(es):
- psgo: Privilege escalation in ‘podman top’ (CVE-2022-1227)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
Fixes
- BZ - 2070368 - CVE-2022-1227 psgo: Privilege escalation in ‘podman top’
Red Hat OpenShift Container Platform 4.6 for RHEL 8
SRPM
podman-1.9.3-5.rhaos4.6.el8.src.rpm
SHA-256: c050d6923ef6ce1690aea424c54ae0ba1ad581b3c2a6c7113111409302f61c12
x86_64
podman-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: 1d3032506e518bf4c880ef7817160fe064fca22ee43d3ef4e1076f6da9642591
podman-debuginfo-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: e0f33e84b565fc79486682e55f38fe41e6883c265b01e34e65946979d514db50
podman-debugsource-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: 5f9a7f0f3eb59f332a1685cd034d9a0924403797bfcd715ebc4065356ba8085a
podman-docker-1.9.3-5.rhaos4.6.el8.noarch.rpm
SHA-256: 8d56f4067c6c4e1f0c9a046889d7d0cd1fdcaf82413bcb47cb6568ca41d5c418
podman-remote-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: ac0bf73b5dfa8cdfc39e5d2bbf55d7d41a42b5bd59c6105efb7cbda8d8382854
podman-remote-debuginfo-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: 5c89f63a257fa68567bbd16691626ae703d39f10d7399c6b8a8141c93a4347a9
podman-tests-1.9.3-5.rhaos4.6.el8.x86_64.rpm
SHA-256: 3cfeeb0d7003a04124f71b53d51c6867e9e921f5a48ed5c9cb54ac18c6af3fab
Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8
SRPM
podman-1.9.3-5.rhaos4.6.el8.src.rpm
SHA-256: c050d6923ef6ce1690aea424c54ae0ba1ad581b3c2a6c7113111409302f61c12
ppc64le
podman-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: 8da48b30ab56299343e3a75b1114d98a9ce8c8cbebd2f84fe642904e832d5c46
podman-debuginfo-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: e88f32ff16b4df2b7ef4441023c12ce77d531ae7896dae60193a7e65f1db0fcf
podman-debugsource-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: b58d78c7dd1c45a04d9a72e4e9ce52b86256eb49b32b66c72616ea2c3bd8c63b
podman-docker-1.9.3-5.rhaos4.6.el8.noarch.rpm
SHA-256: 8d56f4067c6c4e1f0c9a046889d7d0cd1fdcaf82413bcb47cb6568ca41d5c418
podman-remote-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: 675472c8c6c6e506194b68680ad02ca19f7ace1565f500ca7223450e3cbccce5
podman-remote-debuginfo-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: 522ae749a9ac8a38ff8ce5a8cb4e3bcbc788a9ac02d90304b9e3d401addcf628
podman-tests-1.9.3-5.rhaos4.6.el8.ppc64le.rpm
SHA-256: c938a9b5ff2fc37ef0334f63ac038818d62836fb7e6c9f1e905d5b350e9becfc
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8
SRPM
podman-1.9.3-5.rhaos4.6.el8.src.rpm
SHA-256: c050d6923ef6ce1690aea424c54ae0ba1ad581b3c2a6c7113111409302f61c12
s390x
podman-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: 68e518b3850cbfb5fc9921e94b43002cb631593324f8cec49cdb7fae86b8598d
podman-debuginfo-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: 3fb4f872622202f54c5681411537110b21ea2379dc325d7cd45961a5c3495f14
podman-debugsource-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: f6352bcc7781a0d93f0e62590751375c81df08a3fdbbf044ce6c6c1c116ce9d1
podman-docker-1.9.3-5.rhaos4.6.el8.noarch.rpm
SHA-256: 8d56f4067c6c4e1f0c9a046889d7d0cd1fdcaf82413bcb47cb6568ca41d5c418
podman-remote-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: 208bf0e3b5465f63bafb195a7c8d18ca6464d376bc1435af3bebeb3b558a3c9c
podman-remote-debuginfo-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: 81be2cefa52a444a2fc5d8ae1299561ce2f807d734d39fcefa4796af4c534fa9
podman-tests-1.9.3-5.rhaos4.6.el8.s390x.rpm
SHA-256: db3f5cefc50ab1ef51078ff142438f0a49fa30d76ccf9f2383931424b812de61
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-5622-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top'
Red Hat Security Advisory 2022-4816-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top' * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
Red Hat Security Advisory 2022-2263-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.58. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-4651-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
An update for the container-tools:2.0 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top' * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27651: buildah: Default inheritable capabilities for linux container should be empty
An update for podman is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top'
Red Hat Security Advisory 2022-2143-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a privilege escalation vulnerability.
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top'
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1227: psgo: Privilege escalation in 'podman top' * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-27649: podman: Default inheritable capabilities for linux container should be empty * CVE-2022-27650: crun: Default inheritable capabilities for linux container should be empty...
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.