Headline
RHSA-2022:4999: Red Hat Security Advisory: OpenShift Container Platform 3.11.715 packages and security update
Red Hat OpenShift Container Platform release 3.11.715 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Synopsis
Moderate: OpenShift Container Platform 3.11.715 packages and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 3.11.715 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:5000
Security Fix(es):
- cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
Affected Products
- Red Hat OpenShift Container Platform 3.11 x86_64
- Red Hat OpenShift Container Platform for Power 3.11 ppc64le
Fixes
- BZ - 2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api
- BZ - 2089734 - ose-console: enable source containers for open source requirements
Red Hat OpenShift Container Platform 3.11
SRPM
atomic-enterprise-service-catalog-3.11.715-1.g2e6be86.el7.src.rpm
SHA-256: 2565aff0dfee630ba00aa2b5ae19d36c54b0e373f21ec85164474fc37a5be9ed
atomic-openshift-3.11.715-1.git.0.e449bb4.el7.src.rpm
SHA-256: 69d673bbcabcdd1592909d88d246d17b1dbf1632cea81b454bcaff1135596a89
atomic-openshift-cluster-autoscaler-3.11.715-1.g99b2acf.el7.src.rpm
SHA-256: d4eff5678be56b79339b5fc817e8b6ac02e19852e8d6d721f749b8c5470e15dc
atomic-openshift-descheduler-3.11.715-1.gd435537.el7.src.rpm
SHA-256: 6d2a955a64d35205c05152e029a8621efe7111d57d54e4090f578ef1c8e397ee
atomic-openshift-dockerregistry-3.11.715-1.g0fa231c.el7.src.rpm
SHA-256: d46b41f2fe92f006e85d10ec52218a4fcb706c7d7d61f49ca55ac2b278909aca
atomic-openshift-metrics-server-3.11.715-1.gf8bf728.el7.src.rpm
SHA-256: 71c04b83e313a84e8960f4316312bbbac646edb8a4dcbe429a6b1cfc1b1bdb05
atomic-openshift-node-problem-detector-3.11.715-1.gc8f26da.el7.src.rpm
SHA-256: f8c3f82542e4e5181c123ab140c46c433d121cf4f2e758926e3cc8d8a728f854
atomic-openshift-service-idler-3.11.715-1.g39cfc66.el7.src.rpm
SHA-256: 1b0178e5f1c97d1d1939497ad23cddca7ea40144c2b4c01ad3061a2f7ba1bb2e
atomic-openshift-web-console-3.11.715-1.ga7c5920.el7.src.rpm
SHA-256: 5813a75d802d25c87f5e606ceba0020392c344cef70abded0671827dffd6fe62
cri-o-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.src.rpm
SHA-256: efbbd637c8b51dff04805055f7478ca76a70a69db8ee74ea1fec62221d2fe947
golang-github-openshift-oauth-proxy-3.11.715-1.gedebe84.el7.src.rpm
SHA-256: b52a900b542dac9219a3772b19cad5e9fb3d13ccd8c730cfeaed9eb3b35abd04
golang-github-prometheus-alertmanager-3.11.715-1.g13de638.el7.src.rpm
SHA-256: 3c7be9aa36f203935064599f49d44754d8e04613f3a9542424979847d7ca0f94
golang-github-prometheus-node_exporter-3.11.715-1.g609cd20.el7.src.rpm
SHA-256: acfa75f4ec1050cec87918b2695713c704adc061a541b7aec3cde433ebb61a35
golang-github-prometheus-prometheus-3.11.715-1.g99aae51.el7.src.rpm
SHA-256: 42ee9e794da55e229a6a53bb03e3e3a66cd82ba1fba95aec897ac91b6ab2d2bd
openshift-ansible-3.11.715-1.git.0.9151060.el7.src.rpm
SHA-256: 7fb3feb47091c82d83cb3512d35f1a01d319151f2c05676908b369f8ee78fa6f
openshift-enterprise-autoheal-3.11.715-1.gf2f435d.el7.src.rpm
SHA-256: 09df7e9d9d74b84301783a7c8b316833f6efba557f2eedc381a97d245eaf426e
openshift-enterprise-cluster-capacity-3.11.715-1.g22be164.el7.src.rpm
SHA-256: 704565aa233cc33dbeaac749cda3a41ac6200720b80fe00453f56d93a51a7669
openshift-kuryr-3.11.715-1.g0c4bf66.el7.src.rpm
SHA-256: fd8dfbbe4aac19b1ad1f9821fd4026203358613f2fa855d6e6197ce670588ad3
x86_64
atomic-enterprise-service-catalog-3.11.715-1.g2e6be86.el7.x86_64.rpm
SHA-256: c484aaa5878f9bac570e0a9fb68beffff6db57d4b359576722599485e3b033af
atomic-enterprise-service-catalog-svcat-3.11.715-1.g2e6be86.el7.x86_64.rpm
SHA-256: d1ca230f3cb675278836bd9a6d3392d55bb89a644a1ad3a70379c0caeba36837
atomic-openshift-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: cab8f6c1ebf2a34072ae4cfc1e9f172d61217746cb0ef5a55a95693b615c3d2e
atomic-openshift-clients-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: bdad3d657b57721d8e2419b6214e65d915117f18deb45284332cbb6a96019be9
atomic-openshift-clients-redistributable-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 5142a1562184cf0854b26326e1f19481961c8a697df88832df97e969c99673b8
atomic-openshift-cluster-autoscaler-3.11.715-1.g99b2acf.el7.x86_64.rpm
SHA-256: a0f6002f9be175588eb3e6bd3fdeacd8c3eea149a565056c2ea9da5a6df8f530
atomic-openshift-descheduler-3.11.715-1.gd435537.el7.x86_64.rpm
SHA-256: 624e2ba4ab60c9c40af14d9be2ca707c65970c55370638c2dba64cc8c7d50104
atomic-openshift-docker-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: ed71107dbeb0fcdfef5985460c4acc2ba45f379abc30d7fc1f6b90477fb8aadf
atomic-openshift-dockerregistry-3.11.715-1.g0fa231c.el7.x86_64.rpm
SHA-256: dbbe531452b88d237ea5935b2c8b2540823f5e90270b89c1c38d6b5258a30abc
atomic-openshift-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: b147cf3a67913e290bacb9b79ca3af239df7f9e1a949c3550abbe3dbc7003bc7
atomic-openshift-hyperkube-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 371f647e20d31ff645bb016005bca0107268506f9557674edca2d31991957fb1
atomic-openshift-hypershift-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 68f53f3f7d71f4fa7c83989f3f805715971a03c335b3270b41e0be7b166e4a6a
atomic-openshift-master-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: faf25662bb5677d720d565e9eb106a025c6f54d28a464138ead2fe06d0564664
atomic-openshift-metrics-server-3.11.715-1.gf8bf728.el7.x86_64.rpm
SHA-256: d2208e561e34a84c272965d18095cbce941aed1aa438aab5736ae31d1054bbe9
atomic-openshift-node-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 1b9783a29284d86765fbcff427f59d98bcf185388f9b896762ac992b696718de
atomic-openshift-node-problem-detector-3.11.715-1.gc8f26da.el7.x86_64.rpm
SHA-256: 9728cc7d32b4b19c68446ebc597ce15dec534f8626a2843628edf5ced9a5e944
atomic-openshift-pod-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 125667ff8333e4ca60d9ef90fe38b13268e9f951b6bf9d4aa4c854f0327ad005
atomic-openshift-sdn-ovs-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: df3f6e35a4ad81a724c44065944c43b7a19a27343f621c730ed82bd33af1d58d
atomic-openshift-service-idler-3.11.715-1.g39cfc66.el7.x86_64.rpm
SHA-256: b042dca67028e0656378324f309fcae5b86b0ab4032fb6f11e695e5d7cfeb0e7
atomic-openshift-template-service-broker-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: a4e3971e6dabc037497a98584a49d3906bbb70cc8803b29cb64ca64c567b0062
atomic-openshift-tests-3.11.715-1.git.0.e449bb4.el7.x86_64.rpm
SHA-256: 8dbbb65b17b9a2af892e84286614d557b66a0a2ce6ac264b6e1a23ca4d7f7f87
atomic-openshift-web-console-3.11.715-1.ga7c5920.el7.x86_64.rpm
SHA-256: 9ba14c6447e0152af9f1146974bd853396f13d9585370edfac115688959c10e9
cri-o-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.x86_64.rpm
SHA-256: 376e38cd25c49ec959e0a227747066b9531e24c908ea0b378147f2ed3f29938b
cri-o-debuginfo-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.x86_64.rpm
SHA-256: 8e4974e7ec6a3d24fb27ac54bee486995ab269d914e9b9e362a4fc365dc9922a
golang-github-openshift-oauth-proxy-3.11.715-1.gedebe84.el7.x86_64.rpm
SHA-256: a8f0e5e787fc230bc0a68a54b19a54e4f9f7c9f8c19b7b1edb5486d2ce40a086
openshift-ansible-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 3518fc433a2711b2151c14b1f0ca89fe5346cce83f40ccc2982b400fc1184473
openshift-ansible-docs-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 020d490513e7cfafeacfc8aa7890b979f95fbd1a19ceb6a51bd7323058b9cd99
openshift-ansible-playbooks-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 177b8f8b531388727d5dccff95a640cfeba7778f38f057e0da97c1a38f413452
openshift-ansible-roles-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: c6db6cd7089638f341ce88418f58e4b0257580194984c5e377158979fb651850
openshift-enterprise-autoheal-3.11.715-1.gf2f435d.el7.x86_64.rpm
SHA-256: 2cf283a44d79cc2b562398c8bc5d05b36ba7c75515c32a2e4dd2e9cdaf85d568
openshift-enterprise-cluster-capacity-3.11.715-1.g22be164.el7.x86_64.rpm
SHA-256: fff8a4499e3e9f48e0b644b3056556d8b11a31e84dc0f9fe4a606486985063f1
openshift-kuryr-cni-3.11.715-1.g0c4bf66.el7.noarch.rpm
SHA-256: f410bf606d8065fc3099cddc5031fd8dc2b7f56b9c668c224749f1725cee292f
openshift-kuryr-common-3.11.715-1.g0c4bf66.el7.noarch.rpm
SHA-256: a47f81fad18c32ce299a8afb7580999b1c766a5f1e271fe2c73076b28b620c0c
openshift-kuryr-controller-3.11.715-1.g0c4bf66.el7.noarch.rpm
SHA-256: 410698c066634ee80d23ebe570aae452872e2f1be0278dc2a5e159b0f4f66a38
prometheus-3.11.715-1.g99aae51.el7.x86_64.rpm
SHA-256: 5fb05c3d60a956687c0968cbc13867f6d83d8c1832b61a64b3753a45ffec555c
prometheus-alertmanager-3.11.715-1.g13de638.el7.x86_64.rpm
SHA-256: 918a7964599cc39562a674a229d02eb3664bda579597c8a252e638a50f7cfb09
prometheus-node-exporter-3.11.715-1.g609cd20.el7.x86_64.rpm
SHA-256: e9489ab0949cc6c9a74cc0e2893f8e928a06f36d661805a186175099b6a74a46
python2-kuryr-kubernetes-3.11.715-1.g0c4bf66.el7.noarch.rpm
SHA-256: 604226b311c597c816cf6555b5331bf1cde3d6788a9558db0cebf5ec967c53d0
Red Hat OpenShift Container Platform for Power 3.11
SRPM
atomic-enterprise-service-catalog-3.11.715-1.g2e6be86.el7.src.rpm
SHA-256: 2565aff0dfee630ba00aa2b5ae19d36c54b0e373f21ec85164474fc37a5be9ed
atomic-openshift-3.11.715-1.git.0.e449bb4.el7.src.rpm
SHA-256: 69d673bbcabcdd1592909d88d246d17b1dbf1632cea81b454bcaff1135596a89
atomic-openshift-cluster-autoscaler-3.11.715-1.g99b2acf.el7.src.rpm
SHA-256: d4eff5678be56b79339b5fc817e8b6ac02e19852e8d6d721f749b8c5470e15dc
atomic-openshift-descheduler-3.11.715-1.gd435537.el7.src.rpm
SHA-256: 6d2a955a64d35205c05152e029a8621efe7111d57d54e4090f578ef1c8e397ee
atomic-openshift-metrics-server-3.11.715-1.gf8bf728.el7.src.rpm
SHA-256: 71c04b83e313a84e8960f4316312bbbac646edb8a4dcbe429a6b1cfc1b1bdb05
atomic-openshift-node-problem-detector-3.11.715-1.gc8f26da.el7.src.rpm
SHA-256: f8c3f82542e4e5181c123ab140c46c433d121cf4f2e758926e3cc8d8a728f854
atomic-openshift-service-idler-3.11.715-1.g39cfc66.el7.src.rpm
SHA-256: 1b0178e5f1c97d1d1939497ad23cddca7ea40144c2b4c01ad3061a2f7ba1bb2e
atomic-openshift-web-console-3.11.715-1.ga7c5920.el7.src.rpm
SHA-256: 5813a75d802d25c87f5e606ceba0020392c344cef70abded0671827dffd6fe62
cri-o-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.src.rpm
SHA-256: efbbd637c8b51dff04805055f7478ca76a70a69db8ee74ea1fec62221d2fe947
golang-github-openshift-oauth-proxy-3.11.715-1.gedebe84.el7.src.rpm
SHA-256: b52a900b542dac9219a3772b19cad5e9fb3d13ccd8c730cfeaed9eb3b35abd04
golang-github-prometheus-alertmanager-3.11.715-1.g13de638.el7.src.rpm
SHA-256: 3c7be9aa36f203935064599f49d44754d8e04613f3a9542424979847d7ca0f94
golang-github-prometheus-node_exporter-3.11.715-1.g609cd20.el7.src.rpm
SHA-256: acfa75f4ec1050cec87918b2695713c704adc061a541b7aec3cde433ebb61a35
golang-github-prometheus-prometheus-3.11.715-1.g99aae51.el7.src.rpm
SHA-256: 42ee9e794da55e229a6a53bb03e3e3a66cd82ba1fba95aec897ac91b6ab2d2bd
openshift-ansible-3.11.715-1.git.0.9151060.el7.src.rpm
SHA-256: 7fb3feb47091c82d83cb3512d35f1a01d319151f2c05676908b369f8ee78fa6f
openshift-enterprise-autoheal-3.11.715-1.gf2f435d.el7.src.rpm
SHA-256: 09df7e9d9d74b84301783a7c8b316833f6efba557f2eedc381a97d245eaf426e
openshift-enterprise-cluster-capacity-3.11.715-1.g22be164.el7.src.rpm
SHA-256: 704565aa233cc33dbeaac749cda3a41ac6200720b80fe00453f56d93a51a7669
ppc64le
atomic-enterprise-service-catalog-3.11.715-1.g2e6be86.el7.ppc64le.rpm
SHA-256: a425793794c8bee8586da51a9f4956b70fec1f1e3e1ebaaefaee1dc19771541b
atomic-enterprise-service-catalog-3.11.715-1.g2e6be86.el7.ppc64le.rpm
SHA-256: a425793794c8bee8586da51a9f4956b70fec1f1e3e1ebaaefaee1dc19771541b
atomic-enterprise-service-catalog-svcat-3.11.715-1.g2e6be86.el7.ppc64le.rpm
SHA-256: 9a11a92b04ae3c5f0bc7c85e72e663738ae5670f79a4f9b46fe1d0ff60fa00ee
atomic-enterprise-service-catalog-svcat-3.11.715-1.g2e6be86.el7.ppc64le.rpm
SHA-256: 9a11a92b04ae3c5f0bc7c85e72e663738ae5670f79a4f9b46fe1d0ff60fa00ee
atomic-openshift-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 86e144ae1362916d126e0d938d2f9fa85d298eefc82191080cdc895689d89423
atomic-openshift-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 86e144ae1362916d126e0d938d2f9fa85d298eefc82191080cdc895689d89423
atomic-openshift-clients-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: e6bfc1a828f3adc4f150bea54a41c8ede78b1ada33750023f7433612b6ee72c4
atomic-openshift-clients-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: e6bfc1a828f3adc4f150bea54a41c8ede78b1ada33750023f7433612b6ee72c4
atomic-openshift-cluster-autoscaler-3.11.715-1.g99b2acf.el7.ppc64le.rpm
SHA-256: 493336531daa0abdf14dd41e6c90a76edfe154c58c03cd2b56afa8466ed543fb
atomic-openshift-cluster-autoscaler-3.11.715-1.g99b2acf.el7.ppc64le.rpm
SHA-256: 493336531daa0abdf14dd41e6c90a76edfe154c58c03cd2b56afa8466ed543fb
atomic-openshift-descheduler-3.11.715-1.gd435537.el7.ppc64le.rpm
SHA-256: 7b004c11841bbe67917dcb7ca1033deca7baa269e9a2d0c534305515003787e6
atomic-openshift-descheduler-3.11.715-1.gd435537.el7.ppc64le.rpm
SHA-256: 7b004c11841bbe67917dcb7ca1033deca7baa269e9a2d0c534305515003787e6
atomic-openshift-docker-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: ed71107dbeb0fcdfef5985460c4acc2ba45f379abc30d7fc1f6b90477fb8aadf
atomic-openshift-docker-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: ed71107dbeb0fcdfef5985460c4acc2ba45f379abc30d7fc1f6b90477fb8aadf
atomic-openshift-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: b147cf3a67913e290bacb9b79ca3af239df7f9e1a949c3550abbe3dbc7003bc7
atomic-openshift-excluder-3.11.715-1.git.0.e449bb4.el7.noarch.rpm
SHA-256: b147cf3a67913e290bacb9b79ca3af239df7f9e1a949c3550abbe3dbc7003bc7
atomic-openshift-hyperkube-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 73576fe2e2c17560928d663cbfdbf7466883f33a54ba192ad0ce91dc3d78d238
atomic-openshift-hyperkube-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 73576fe2e2c17560928d663cbfdbf7466883f33a54ba192ad0ce91dc3d78d238
atomic-openshift-hypershift-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 4cf31e6507d88c9c3d552c5711138c86562b46ea963501563c251d92cc500a1f
atomic-openshift-hypershift-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 4cf31e6507d88c9c3d552c5711138c86562b46ea963501563c251d92cc500a1f
atomic-openshift-master-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: b09e766d2af9cc1c1a7e9bc7fa9913c82e6c900d63ce5c0737ef2a8665cbd8ab
atomic-openshift-master-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: b09e766d2af9cc1c1a7e9bc7fa9913c82e6c900d63ce5c0737ef2a8665cbd8ab
atomic-openshift-metrics-server-3.11.715-1.gf8bf728.el7.ppc64le.rpm
SHA-256: b4987290617065b2c1b4c10f7f1bc4de2913d65206ff54ff9599dda959b53a39
atomic-openshift-metrics-server-3.11.715-1.gf8bf728.el7.ppc64le.rpm
SHA-256: b4987290617065b2c1b4c10f7f1bc4de2913d65206ff54ff9599dda959b53a39
atomic-openshift-node-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 31b059f4fc4603d278d7488a01961b7effcd515761ee26f8cb7bf00df32b1d8d
atomic-openshift-node-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 31b059f4fc4603d278d7488a01961b7effcd515761ee26f8cb7bf00df32b1d8d
atomic-openshift-node-problem-detector-3.11.715-1.gc8f26da.el7.ppc64le.rpm
SHA-256: 72d199f4be295f1ac85a5a99c9b2105213e98df6d602929d2b8a6ca05d86bf76
atomic-openshift-node-problem-detector-3.11.715-1.gc8f26da.el7.ppc64le.rpm
SHA-256: 72d199f4be295f1ac85a5a99c9b2105213e98df6d602929d2b8a6ca05d86bf76
atomic-openshift-pod-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 6aeb0b4d18cb694cea496ce4107e3331848d58888987cc2de00f0b186c772c9e
atomic-openshift-pod-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 6aeb0b4d18cb694cea496ce4107e3331848d58888987cc2de00f0b186c772c9e
atomic-openshift-sdn-ovs-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: adc8812600976302ad63fbaea68112a33f91ccb12a048247de27a5a2bbbc7ab7
atomic-openshift-sdn-ovs-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: adc8812600976302ad63fbaea68112a33f91ccb12a048247de27a5a2bbbc7ab7
atomic-openshift-service-idler-3.11.715-1.g39cfc66.el7.ppc64le.rpm
SHA-256: b549f14cb9f7990e95aeeaa868a81fc8db498a06cac281243131caea1332af30
atomic-openshift-service-idler-3.11.715-1.g39cfc66.el7.ppc64le.rpm
SHA-256: b549f14cb9f7990e95aeeaa868a81fc8db498a06cac281243131caea1332af30
atomic-openshift-template-service-broker-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: ca717116051608a1ed607f54d0ff910b536ef6d650c3746e830e535f7c537594
atomic-openshift-template-service-broker-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: ca717116051608a1ed607f54d0ff910b536ef6d650c3746e830e535f7c537594
atomic-openshift-tests-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 26e0e08fa7ea71ae84c1a8e69d2a057387b8c506bfe9caba960a8d953f1330ed
atomic-openshift-tests-3.11.715-1.git.0.e449bb4.el7.ppc64le.rpm
SHA-256: 26e0e08fa7ea71ae84c1a8e69d2a057387b8c506bfe9caba960a8d953f1330ed
atomic-openshift-web-console-3.11.715-1.ga7c5920.el7.ppc64le.rpm
SHA-256: 5bfd9b6053d31dacde5ca224d2156e553b8e1266a9b75d297cd56a5656671b1c
atomic-openshift-web-console-3.11.715-1.ga7c5920.el7.ppc64le.rpm
SHA-256: 5bfd9b6053d31dacde5ca224d2156e553b8e1266a9b75d297cd56a5656671b1c
cri-o-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.ppc64le.rpm
SHA-256: af28105eddc223eeb44d319e367973c62ffe1af402497b1617b88f108ba31bda
cri-o-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.ppc64le.rpm
SHA-256: af28105eddc223eeb44d319e367973c62ffe1af402497b1617b88f108ba31bda
cri-o-debuginfo-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.ppc64le.rpm
SHA-256: 1cea365b0ea951db26f2cdd7c9a43210bd9397ed79334ce24cf196a5437a73db
cri-o-debuginfo-1.11.16-0.17.rhaos3.11.git4c0a8ad.el7.ppc64le.rpm
SHA-256: 1cea365b0ea951db26f2cdd7c9a43210bd9397ed79334ce24cf196a5437a73db
golang-github-openshift-oauth-proxy-3.11.715-1.gedebe84.el7.ppc64le.rpm
SHA-256: c4117b306d6a8372decece3bbc994a87f48b7861f881a637aee3f46f2c11f112
golang-github-openshift-oauth-proxy-3.11.715-1.gedebe84.el7.ppc64le.rpm
SHA-256: c4117b306d6a8372decece3bbc994a87f48b7861f881a637aee3f46f2c11f112
openshift-ansible-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 3518fc433a2711b2151c14b1f0ca89fe5346cce83f40ccc2982b400fc1184473
openshift-ansible-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 3518fc433a2711b2151c14b1f0ca89fe5346cce83f40ccc2982b400fc1184473
openshift-ansible-docs-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 020d490513e7cfafeacfc8aa7890b979f95fbd1a19ceb6a51bd7323058b9cd99
openshift-ansible-docs-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 020d490513e7cfafeacfc8aa7890b979f95fbd1a19ceb6a51bd7323058b9cd99
openshift-ansible-playbooks-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 177b8f8b531388727d5dccff95a640cfeba7778f38f057e0da97c1a38f413452
openshift-ansible-playbooks-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 177b8f8b531388727d5dccff95a640cfeba7778f38f057e0da97c1a38f413452
openshift-ansible-roles-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: c6db6cd7089638f341ce88418f58e4b0257580194984c5e377158979fb651850
openshift-ansible-roles-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: c6db6cd7089638f341ce88418f58e4b0257580194984c5e377158979fb651850
openshift-ansible-test-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 201a8862a8f2850a5454823e990c852b5a05624d84d112c6351c18ccf11e73cc
openshift-ansible-test-3.11.715-1.git.0.9151060.el7.noarch.rpm
SHA-256: 201a8862a8f2850a5454823e990c852b5a05624d84d112c6351c18ccf11e73cc
openshift-enterprise-autoheal-3.11.715-1.gf2f435d.el7.ppc64le.rpm
SHA-256: a6955f8257f11864ef5168824bf65fefb6f771db5b1917b5c0b79c2add89d451
openshift-enterprise-autoheal-3.11.715-1.gf2f435d.el7.ppc64le.rpm
SHA-256: a6955f8257f11864ef5168824bf65fefb6f771db5b1917b5c0b79c2add89d451
openshift-enterprise-cluster-capacity-3.11.715-1.g22be164.el7.ppc64le.rpm
SHA-256: 34b6f849fbf51e08e9ee53f8c10c90f2d9a552f91f1f1c5c7577aa72f00f27ea
openshift-enterprise-cluster-capacity-3.11.715-1.g22be164.el7.ppc64le.rpm
SHA-256: 34b6f849fbf51e08e9ee53f8c10c90f2d9a552f91f1f1c5c7577aa72f00f27ea
prometheus-3.11.715-1.g99aae51.el7.ppc64le.rpm
SHA-256: 8ab2c8a51be0d3da148ea6bdfff45d84083a03866a5748c44aeb1aa42f5d6b07
prometheus-3.11.715-1.g99aae51.el7.ppc64le.rpm
SHA-256: 8ab2c8a51be0d3da148ea6bdfff45d84083a03866a5748c44aeb1aa42f5d6b07
prometheus-alertmanager-3.11.715-1.g13de638.el7.ppc64le.rpm
SHA-256: a9b6545a6a763fcb694c01ac5b192d43578323a3ae2d9e9f76253b032c127fb7
prometheus-alertmanager-3.11.715-1.g13de638.el7.ppc64le.rpm
SHA-256: a9b6545a6a763fcb694c01ac5b192d43578323a3ae2d9e9f76253b032c127fb7
prometheus-node-exporter-3.11.715-1.g609cd20.el7.ppc64le.rpm
SHA-256: 78b9ec5ef295fa62c32959bbc217339312a668aef96c930f5e430413398f0f0b
prometheus-node-exporter-3.11.715-1.g609cd20.el7.ppc64le.rpm
SHA-256: 78b9ec5ef295fa62c32959bbc217339312a668aef96c930f5e430413398f0f0b
Related news
Red Hat Security Advisory 2022-7529-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include denial of service and memory exhaustion vulnerabilities.
An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...
An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-29162: runc: incorrect handling of inheritable capabilities
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36221: golang: net/http/httputil: panic due to racy read of persistConn after handler panic * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-2990: buildah: possible information disclosure and modification * CVE-...
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...
Red Hat Security Advisory 2022-4999-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.715. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4947-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2022-4965-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.53. There are no images for this advisory. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4943-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.18. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-4972-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.38. Issues addressed include a memory exhaustion vulnerability.
Red Hat OpenShift Container Platform release 4.6.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-29036: credentials: Stored XSS vulnerabilities in jenkins plugin * CVE-2022-29046: subversion: Stored XSS vu...
Red Hat OpenShift Container Platform release 4.7.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.9.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
Red Hat OpenShift Container Platform release 4.10.18 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
### Description An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the process, and conmon writes the output to disk. CRI-O then reads the output and returns it to the Kubelet. If the output of the command is large enough, it is possible to exhaust the memory (or disk usage) of the node. The following deployment is an example yaml file that will output around 8GB of ‘A’ characters, which would be written to disk by conmon and read by CRI-O. ```yaml apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment100 spec: selector: matchLabels: app: nginx replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 lifecycle: postStart: exec: command: ["/bin/s...