Headline
RHSA-2022:5729: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update
Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
Synopsis
Moderate: OpenShift Container Platform 4.10.25 security update
Type/Severity
Security Advisory: Moderate
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:5730
Security Fix(es):
- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
- BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
Related news
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issu...
Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.
Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: ...
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...
Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...
Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
- CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
- CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-30629: golang: crypto/tls: session ti...
Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.
Secondary Scheduler Operator for Red Hat OpenShift 1.1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
- CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...
Red Hat OpenShift Service Mesh 2.1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24785: Moment.js: Path traversal in moment.locale
- CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
- CVE-2022-29526: golang: syscall: faccessat checks wrong group
- CVE-2022-30629: golang: crypto/tls: session t...
Red Hat Security Advisory 2022-6155-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747
- CVE-2021-23566: nanoid: Information disclosure via valueOf() function
- CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor
- CVE-2022-0536: follow-...
Updated packages that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.
Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
- CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
- ...
Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
Release of OpenShift Serverless 1.24.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.
Related CVEs:
- CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
- CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
- CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key
- CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
- C...
Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2021-23566: nanoid: Information disclosure via valueOf() function
- CVE-2021-23648: sanitize-url: XSS
- CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion
- CVE-2021-44906:...
Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.
Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Red Hat Security Advisory 2022-5729-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25.
Red Hat Security Advisory 2022-5730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25.
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
- CVE-2022-29526: golang: syscall: faccessat checks wrong group
Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24921...
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
- CVE-2022-29526: golang: syscall: faccessat checks wrong group
An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.
Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Related CVEs:
- CVE-2022-1650: eventsource: Exposure of Sensitive Information
- CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements
- CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
- CVE-2022-24785: Moment.js: Path traversal in moment.locale
- CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.