RHSA-2022:1021: Red Hat Security Advisory: OpenShift Container Platform 4.9.26 security update

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


Synopsis

Important: OpenShift Container Platform 4.9.26 security update

Type/Severity

Security Advisory: Important


Topic

Red Hat OpenShift Container Platform release 4.9.26 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.26. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:1022

Security Fix(es):

  • haproxy: Denial of service via set-cookie2 header (CVE-2022-0711)
  • workflow-cps: OS command execution through crafted SCM contents (CVE-2022-25173)
  • workflow-cps-global-lib: OS command execution through crafted SCM contents (CVE-2022-25174)
  • workflow-multibranch: OS command execution through crafted SCM contents (CVE-2022-25175)
  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)
  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)
  • workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)
  • workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25176)
  • workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25177)
  • workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25178)
  • workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names (CVE-2022-25179)
  • workflow-cps: Password parameters are included from the original build in replayed builds (CVE-2022-25180)
  • pipeline-build-step: Password parameter default values exposed (CVE-2022-25184)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html
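The update check described above, as an added shell example that is not part of Red Hat's advisory: it compares a cluster's reported version with the 4.9.26 release that carries these fixes and, when `oc` can reach a cluster, runs the documented `oc adm upgrade` listing. The `clusterversion` lookup and the 4.9-only scope are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the advisory: gate the "does this cluster still
# need RHSA-2022:1021?" decision on the cluster's current version. The fixed
# version (4.9.26) comes from the advisory; the oc commands follow the
# upgrade documentation it links to. Assumes a 4.9.z cluster and a logged-in oc.
set -eu

FIXED_OCP_VERSION="4.9.26"   # release carrying this advisory's fixes

# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# needs_update VERSION: print "yes" if a 4.9 cluster at VERSION still lacks
# the fixes, "no" if it already has them, and "not-4.9" for other release
# streams (those are covered by their own errata, not this one).
needs_update() {
  local current="$1"
  case "$current" in
    4.9.*) ;;
    *) echo "not-4.9"; return 0 ;;
  esac
  if version_lt "$current" "$FIXED_OCP_VERSION"; then
    echo "yes"
  else
    echo "no"
  fi
}

# Live check, only when oc is installed and can reach a cluster (assumed).
if command -v oc >/dev/null 2>&1; then
  if current=$(oc get clusterversion version \
                 -o jsonpath='{.status.desired.version}' 2>/dev/null); then
    echo "cluster at ${current}; needs RHSA-2022:1021: $(needs_update "$current")"
    # Show what the cluster's configured update channel currently offers.
    oc adm upgrade
  else
    echo "oc present but no cluster reachable; skipping live check" >&2
  fi
fi
```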

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 2053666 - CVE-2022-0711 haproxy: Denial of service via set-cookie2 header
  • BZ - 2055719 - CVE-2022-25175 workflow-multibranch: OS command execution through crafted SCM contents
  • BZ - 2055733 - CVE-2022-25173 workflow-cps: OS command execution through crafted SCM contents
  • BZ - 2055734 - CVE-2022-25174 workflow-cps-global-lib: OS command execution through crafted SCM contents
  • BZ - 2055787 - CVE-2022-25176 workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names
  • BZ - 2055788 - CVE-2022-25177 workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
  • BZ - 2055789 - CVE-2022-25178 workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
  • BZ - 2055792 - CVE-2022-25179 workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
  • BZ - 2055795 - CVE-2022-25180 workflow-cps: Password parameters are included from the original build in replayed builds
  • BZ - 2055797 - CVE-2022-25181 workflow-cps-global-lib: Sandbox bypass vulnerability
  • BZ - 2055798 - CVE-2022-25182 workflow-cps-global-lib: Sandbox bypass vulnerability
  • BZ - 2055802 - CVE-2022-25183 workflow-cps-global-lib: Sandbox bypass vulnerability
  • BZ - 2055804 - CVE-2022-25184 pipeline-build-step: Password parameter default values exposed

CVEs

  • CVE-2022-0711
  • CVE-2022-25173
  • CVE-2022-25174
  • CVE-2022-25175
  • CVE-2022-25176
  • CVE-2022-25177
  • CVE-2022-25178
  • CVE-2022-25179
  • CVE-2022-25180
  • CVE-2022-25181
  • CVE-2022-25182
  • CVE-2022-25183
  • CVE-2022-25184

