Headline

RHSA-2023:1503: Red Hat Security Advisory: OpenShift Container Platform 4.11.34 packages and security update

Red Hat OpenShift Container Platform release 4.11.34 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-4318: A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #redis #nodejs #js #git #java #kubernetes #aws #ibm #rpm

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
OpenShift Dev Spaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2023-04-04

Updated:

2023-04-04

RHSA-2023:1503 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: OpenShift Container Platform 4.11.34 packages and security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.11.34 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.34. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1504

Security Fix(es):

cri-o: /etc/passwd tampering privesc (CVE-2022-4318)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64

Fixes

BZ - 2152703 - CVE-2022-4318 cri-o: /etc/passwd tampering privesc

References

https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Red Hat OpenShift Container Platform 4.11 for RHEL 8

SRPM

atomic-openshift-service-idler-4.11.0-202303240327.p0.ga0f9090.assembly.stream.el8.src.rpm

SHA-256: d8bb906d27d8816fb5eded0c65f2e6fe350bf06af01f85699cdcbaa10556da55

cri-o-1.24.4-10.rhaos4.11.git1ed5ac5.el8.src.rpm

SHA-256: 44c1deea2911ce0b10c8f51a5c7c5170774f385e4843a75c97d5ea7dac8e3314

openshift-4.11.0-202303240327.p0.gaf0420d.assembly.stream.el8.src.rpm

SHA-256: 9180855f92439cb2d34e40f685027cd12336d88e44bd88807488f475dc63132c

openshift-ansible-4.11.0-202303240327.p0.gdf73941.assembly.stream.el8.src.rpm

SHA-256: 2669c68757fb97c802f16ba69b148c8af2eb0c31d21c85a0a1b89a2826fe585e

openshift-clients-4.11.0-202303240327.p0.gdea6f47.assembly.stream.el8.src.rpm

SHA-256: 05eb57604b1958afe67ebb13b76d2c87e47714c97a61a3b96ff56798ba44a338

openshift-kuryr-4.11.0-202303240327.p0.g93daed6.assembly.stream.el8.src.rpm

SHA-256: 68e95224aa6585947aee4baa232d543b515018a5827f3ed969f3860283ba1a68

x86_64

atomic-openshift-service-idler-4.11.0-202303240327.p0.ga0f9090.assembly.stream.el8.x86_64.rpm

SHA-256: 201c7a85746a9ff951e018233c7db2cd20681f9c2e8a0ad36561e85f108f2452

cri-o-1.24.4-10.rhaos4.11.git1ed5ac5.el8.x86_64.rpm

SHA-256: bc5221254b3140ce673abc940120b08f4ea903297cf59cce9271c21819e1d592

cri-o-debuginfo-1.24.4-10.rhaos4.11.git1ed5ac5.el8.x86_64.rpm

SHA-256: 4719547ca9a29a65947aa27abfbbc55616c8753f78af7915f16ee2123b93905c

cri-o-debugsource-1.24.4-10.rhaos4.11.git1ed5ac5.el8.x86_64.rpm

SHA-256: 196bda0539d538b7852e55a7d8eddd17c453a46b77f6a68e709ff5208076d35a

openshift-ansible-4.11.0-202303240327.p0.gdf73941.assembly.stream.el8.noarch.rpm

SHA-256: b73ac9e46bbb2b6b3334fd709c87ef85205e52ac877b3f63e82e3151849de2a5

openshift-ansible-test-4.11.0-202303240327.p0.gdf73941.assembly.stream.el8.noarch.rpm

SHA-256: ed2f8301027e1252aea43a7c2f591abe10839523c3159251c4305efa1390857a

openshift-clients-4.11.0-202303240327.p0.gdea6f47.assembly.stream.el8.x86_64.rpm

SHA-256: f6a289171c087a1894bf62be1b5492cae9aff889d6475d51fd78b9b80c601de1

openshift-clients-redistributable-4.11.0-202303240327.p0.gdea6f47.assembly.stream.el8.x86_64.rpm

SHA-256: 8ca86752db33ca3ad4931360913d3bb4623c8dadd9db93106b42b304e026cbde

openshift-hyperkube-4.11.0-202303240327.p0.gaf0420d.assembly.stream.el8.x86_64.rpm

SHA-256: 6869fb2bfe567fcff5e6af104f93e75618654d0bfb13d5ee3ff0419b4e9bb522

openshift-kuryr-cni-4.11.0-202303240327.p0.g93daed6.assembly.stream.el8.noarch.rpm

SHA-256: 6d8c39d8b4396aaa2671bbc7067bc894524a90acd093b5dac6c88f951ba52be9

openshift-kuryr-common-4.11.0-202303240327.p0.g93daed6.assembly.stream.el8.noarch.rpm

SHA-256: 65f8fd754c310aeb54f88b3664ee82f0cd062bf80e7c089a45d9fa2ba77fa47e

openshift-kuryr-controller-4.11.0-202303240327.p0.g93daed6.assembly.stream.el8.noarch.rpm

SHA-256: 0e6795e4ce9dda9e5bcf9b08cfe939569d7645d2a6fc0a5fef0d314e9fef089e

python3-kuryr-kubernetes-4.11.0-202303240327.p0.g93daed6.assembly.stream.el8.noarch.rpm

SHA-256: a9ff0d5a5ef17ada7443e4485afdcba05c5c445d50656d4ae59ab8bd0f5bc5ef

Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8