RHSA-2022:0339: Red Hat Security Advisory: OpenShift Container Platform 4.9.19 security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-02-10

Updated:

2022-02-10

RHSA-2022:0339 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: OpenShift Container Platform 4.9.19 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.9.19 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.19. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:0340

Security Fix(es):

• jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution (CVE-2022-20617)
• jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF (CVE-2022-20612)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
• Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
• Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
• Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

• BZ - 2044460 - CVE-2022-20612 jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
• BZ - 2044502 - CVE-2022-20617 jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

Red Hat OpenShift Container Platform 4.9 for RHEL 8

SRPM

jenkins-2-plugins-4.9.1643389956-1.el8.src.rpm

SHA-256: f73056698f466e8ec8213bc83e36228da72b7cbb3ad9730f6c4b0ea0665ad384

jenkins-2.319.2.1643391771-1.el8.src.rpm

SHA-256: f540cc1cc0963f48fb5e9b8e6070a0c58c2cd21dd067384e5db36cd494d6a217

openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.src.rpm

SHA-256: 8374fbfa3fba2dc080e0127f39f4fa030270b21462890bcac652cdd40f59f8a6

x86_64

jenkins-2-plugins-4.9.1643389956-1.el8.noarch.rpm

SHA-256: 91cf297ecd126d190e77ce4550b5a4b6d1b4d8557dd191e30ab5308ca240db46

jenkins-2.319.2.1643391771-1.el8.noarch.rpm

SHA-256: 6bc88e2fde5a60c2a0c422cf176929e5157f59cbd39ce461c5cd28b0f3d92acf

openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.x86_64.rpm

SHA-256: f122e301ec0dd6677ef4d50670ac4193fff81e221b0e8641ec7e1f667b9f4d70

Red Hat OpenShift Container Platform 4.9 for RHEL 7

SRPM

openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el7.src.rpm

SHA-256: 977ab600e7ef8ffb24be9de2216fd1ab679d6da53983656ffaaad54a18f2d698

x86_64

openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el7.x86_64.rpm

SHA-256: 2993451fc8c838ba228a0dfe4cf8a91797436ad0d5dbaf1860049c565362082a

Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8

SRPM

jenkins-2-plugins-4.9.1643389956-1.el8.src.rpm

SHA-256: f73056698f466e8ec8213bc83e36228da72b7cbb3ad9730f6c4b0ea0665ad384

jenkins-2.319.2.1643391771-1.el8.src.rpm

SHA-256: f540cc1cc0963f48fb5e9b8e6070a0c58c2cd21dd067384e5db36cd494d6a217

openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.src.rpm

SHA-256: 8374fbfa3fba2dc080e0127f39f4fa030270b21462890bcac652cdd40f59f8a6

ppc64le

jenkins-2-plugins-4.9.1643389956-1.el8.noarch.rpm

SHA-256: 91cf297ecd126d190e77ce4550b5a4b6d1b4d8557dd191e30ab5308ca240db46

jenkins-2.319.2.1643391771-1.el8.noarch.rpm

SHA-256: 6bc88e2fde5a60c2a0c422cf176929e5157f59cbd39ce461c5cd28b0f3d92acf

openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.ppc64le.rpm

SHA-256: c09fa9b0014454cc9f279c8689633350abdf54f44d78b3b99d7724a8f08727c5

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8

SRPM

jenkins-2-plugins-4.9.1643389956-1.el8.src.rpm

SHA-256: f73056698f466e8ec8213bc83e36228da72b7cbb3ad9730f6c4b0ea0665ad384

jenkins-2.319.2.1643391771-1.el8.src.rpm

SHA-256: f540cc1cc0963f48fb5e9b8e6070a0c58c2cd21dd067384e5db36cd494d6a217

openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.src.rpm

SHA-256: 8374fbfa3fba2dc080e0127f39f4fa030270b21462890bcac652cdd40f59f8a6

s390x

jenkins-2-plugins-4.9.1643389956-1.el8.noarch.rpm

SHA-256: 91cf297ecd126d190e77ce4550b5a4b6d1b4d8557dd191e30ab5308ca240db46

jenkins-2.319.2.1643391771-1.el8.noarch.rpm

SHA-256: 6bc88e2fde5a60c2a0c422cf176929e5157f59cbd39ce461c5cd28b0f3d92acf

openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.s390x.rpm

SHA-256: 094d4fb756bf067ff3cbc27e8f8f1f061520707a046e860e546a9c72d49e4f8f

Red Hat OpenShift Container Platform for ARM 64 4.9

SRPM

jenkins-2-plugins-4.9.1643389956-1.el8.src.rpm

SHA-256: f73056698f466e8ec8213bc83e36228da72b7cbb3ad9730f6c4b0ea0665ad384

jenkins-2.319.2.1643391771-1.el8.src.rpm

SHA-256: f540cc1cc0963f48fb5e9b8e6070a0c58c2cd21dd067384e5db36cd494d6a217

openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.src.rpm

SHA-256: 8374fbfa3fba2dc080e0127f39f4fa030270b21462890bcac652cdd40f59f8a6

aarch64

jenkins-2-plugins-4.9.1643389956-1.el8.noarch.rpm

SHA-256: 91cf297ecd126d190e77ce4550b5a4b6d1b4d8557dd191e30ab5308ca240db46

jenkins-2.319.2.1643391771-1.el8.noarch.rpm

SHA-256: 6bc88e2fde5a60c2a0c422cf176929e5157f59cbd39ce461c5cd28b0f3d92acf

openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.aarch64.rpm

SHA-256: 606f9bab2048308b06c37ff2396bd160435b66fa36a14705ffac27d9105efaae

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.