Headline

RHSA-2023:3541: Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-2995: Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #linux #red_hat #nodejs #js #git #kubernetes #aws #ibm #rpm

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Satellite
Red Hat Subscription Management
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-06-14

Updated:

2023-06-14

RHSA-2023:3541 - Security Advisory

Overview
Updated Packages

Synopsis

Low: OpenShift Container Platform 4.11.43 packages and security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.43. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3542

Security Fix(es):

cri-o: incorrect handling of the supplementary groups (CVE-2022-2995)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64

Fixes

BZ - 2121632 - CVE-2022-2995 cri-o: incorrect handling of the supplementary groups

References

https://access.redhat.com/security/updates/classification/#low
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Red Hat OpenShift Container Platform 4.11 for RHEL 8

SRPM

cri-o-1.24.5-5.rhaos4.11.git8bf967b.el8.src.rpm

SHA-256: d558acbb22c38dd2b4801501f4419cd058139767431ce2c3a7756b94f1b82afb

openshift-4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src.rpm

SHA-256: 489220ee733c911c9781b98ca91d623034e9a24e479ffdb50269b7c9630e4482

openstack-ironic-20.2.1-0.20230605115028.483a7f9.el8.src.rpm

SHA-256: 1b19bcc8622ae8f3fdde42d326fd90a64c9823b990c9e867fbfaadee32c2b04a

python-flask-1.1.2-6.el8.src.rpm

SHA-256: 61e3596e7ea6df4305a85b067c6464fc1abde96e9805fa14ee02b4e98d302818

x86_64

cri-o-1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64.rpm

SHA-256: 36816e969b7d3b1c4ea8357c5b12df5ae834d041a8a8df999cb077597c5866f8

cri-o-debuginfo-1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64.rpm

SHA-256: 70cd82620605f919ee8bf7c4947a5aa774f873d33932b9995d249a5d666b452a

cri-o-debugsource-1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64.rpm

SHA-256: 0483dce66143ba6dec6c0c6c7c38fabca1be39f4693e9542c6dd5789c3b6ab49

openshift-hyperkube-4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64.rpm

SHA-256: fd63a1e9457dce40ff6e4b1776e1387b0fa6370c72837ad440a3936a424ac474

openstack-ironic-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: c09c3fbf8e23d6ed40ba6713e74a76ae305b982c7f957179a2046ddeff1d6ac1

openstack-ironic-api-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: a68e2bf817c06ee22f65620225e8eddec02adc49cc0be72c47f2da9351948272

openstack-ironic-common-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: 34a8c0d597ff17654a3c0975ebfca3b87b1e5ced456cc8d8c6066a0150e96985

openstack-ironic-conductor-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: 85be6e63ff0c679f0f94820adcf6034f42010b885b6e83c0341e59d51203dd95

openstack-ironic-dnsmasq-tftp-server-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: 5aef924efdfcfa1821d78d2f5b44937c6431e66cbfd903cbe8504577f0d79134

python-flask-doc-1.1.2-6.el8.noarch.rpm

SHA-256: cdd80a1a6581fd86ccb8a83c2ce16819165af0fc0378787e5738df9047f92729

python3-flask-1.1.2-6.el8.noarch.rpm

SHA-256: e3b5426930e7097b9cc7b6bb8f3454ce528aed0fe867c17dcaf94a90bc0e8ee5

python3-ironic-tests-20.2.1-0.20230605115028.483a7f9.el8.noarch.rpm

SHA-256: 592d8320702c5e0aa7bd90f55abee4070926b2da0e656b413d1646d7a69a3d46

Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8

SRPM

cri-o-1.24.5-5.rhaos4.11.git8bf967b.el8.src.rpm

SHA-256: d558acbb22c38dd2b4801501f4419cd058139767431ce2c3a7756b94f1b82afb

openshift-4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src.rpm

SHA-256: 489220ee733c911c9781b98ca91d623034e9a24e479ffdb50269b7c9630e4482

ppc64le

cri-o-1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le.rpm

SHA-256: 5dd0a15370dd1f1996f54a0bb8d2138aed75aa81866a866ef6baaa7b2790a53a

cri-o-debuginfo-1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le.rpm

SHA-256: f570b7f624821c71f3f86542c920328e7368ed4c9165242c9294e54b2d505c23

cri-o-debugsource-1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le.rpm

SHA-256: edf645cedc0f140cd5dc29a61e4826fa33c334bfaacbe62b35d1f026bab02214

openshift-hyperkube-4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le.rpm

SHA-256: 9bc044b46c51e2cccaf73ae10af5220e9be6453ea7e357d54516636bd43191a4