RHSA-2022:5729: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression
Red Hat Security Data

Synopsis

Moderate: OpenShift Container Platform 4.10.25 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.10.25 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2022:5730

Security Fix(es):

  • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
  • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
  • BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode

Related news

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

RHSA-2023:3914: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issu...

Red Hat Security Advisory 2023-3642-01

Red Hat Security Advisory 2023-3642-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, denial of service, information leakage, spoofing, and traversal vulnerabilities.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

RHSA-2023:1529: Red Hat Security Advisory: Service Telemetry Framework 1.5 security update

An update is now available for Service Telemetry Framework 1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-23772: A flaw was found in the big package of the math library in golang. The Rat....

CVE-2022-42950: Couchbase Alerts

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Red Hat Security Advisory 2023-0407-01

Red Hat Security Advisory 2023-0407-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0407: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update

Updated release packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: ...

RHSA-2022:8750: Red Hat Security Advisory: OpenShift Virtualization 4.11.1 security and bug fix update

Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6714-01

Red Hat Security Advisory 2022-6714-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

Red Hat Security Advisory 2022-6526-01

Red Hat Security Advisory 2022-6526-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.11.0 images: RHEL-8-CNV-4.11. Issues addressed include denial of service, memory leak, and out of bounds read vulnerabilities.

RHSA-2022:6526: Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1798: kubeVirt: Arbitrary file read on t...

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

RHSA-2022:6430: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update

OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30629: golang: crypto/tls: session ti...

Red Hat Security Advisory 2022-6290-01

Red Hat Security Advisory 2022-6290-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6277-01

Red Hat Security Advisory 2022-6277-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:6152: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update

Secondary Scheduler Operator for Red Hat OpenShift 1.1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar...

RHSA-2022:6277: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.5 security update

Red Hat OpenShift Service Mesh 2.1.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group * CVE-2022-30629: golang: crypto/tls: session t...

Red Hat Security Advisory 2022-6155-01

Red Hat Security Advisory 2022-6155-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2022:6156: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23440: nodejs-set-value: type confusion allows bypass of CVE-2019-10747 * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-...

RHSA-2022:6155: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement & bugfix update

Updated packages that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-6094-01

Red Hat Security Advisory 2022-6094-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.28.

RHSA-2022:6094: Red Hat Security Advisory: OpenShift Container Platform 4.10.28 packages and security update

Red Hat OpenShift Container Platform release 4.10.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23773: golang: cmd/go: misinterpretation of branch names can lead to incorrect access control * CVE-2022-23806: golang: crypto/elliptic: IsOnCurve returns true for invalid field elements * ...

Red Hat Security Advisory 2022-6040-01

Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2022-5069-01

Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.

Red Hat Security Advisory 2022-5068-01

Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-5070-01

Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.

RHSA-2022:6040: Red Hat Security Advisory: Release of OpenShift Serverless 1.24.0

Release of OpenShift Serverless 1.24.0. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * C...

RHSA-2022:5069: Red Hat Security Advisory: OpenShift Container Platform 4.11.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23566: nanoid: Information disclosure via valueOf() function * CVE-2021-23648: sanitize-url: XSS * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2021-44906:...

Gentoo Linux Security Advisory 202208-02

Gentoo Linux Security Advisory 202208-2 - Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. Versions less than 1.18.5 are affected.

Red Hat Security Advisory 2022-5840-01

Red Hat Security Advisory 2022-5840-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Red Hat Security Advisory 2022-5729-01

Red Hat Security Advisory 2022-5729-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25.

Red Hat Security Advisory 2022-5730-01

Red Hat Security Advisory 2022-5730-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25.

RHSA-2022:5840: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1365: cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5730: Red Hat Security Advisory: OpenShift Container Platform 4.10.25 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23772: golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921...

RHSA-2022:5337: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong group

RHSA-2022:5415: Red Hat Security Advisory: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

Red Hat Security Advisory 2022-5006-01

Red Hat Security Advisory 2022-5006-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a traversal vulnerability.

RHSA-2022:5006: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update

Red Hat OpenShift Service Mesh 2.1.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-23806: golang: crypto/elliptic IsOnCurve returns true for invalid field elements * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar

CVE-2022-24921: [security] Go 1.17.8 and Go 1.16.15 are released

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.