Headline

RHSA-2022:0565: Red Hat Security Advisory: OpenShift Container Platform 4.6.55 packages and security update

Red Hat OpenShift Container Platform release 4.6.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-20612: jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
CVE-2022-20617: jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

2 years ago

Red Hat Security Data

Open in Source

#csrf #vulnerability #web #linux #red_hat #nodejs #js #git #java #kubernetes

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Red Hat Customer Portal

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus
Red Hat CodeReady Studio

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2022-02-25

Updated:

2022-02-25

RHSA-2022:0565 - Security Advisory

Overview
Updated Packages

Synopsis

Important: OpenShift Container Platform 4.6.55 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.6.55 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.55. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0566

Security Fix(es):

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution (CVE-2022-20617)
jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF (CVE-2022-20612)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

BZ - 2044460 - CVE-2022-20612 jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
BZ - 2044502 - CVE-2022-20617 jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

Red Hat OpenShift Container Platform 4.6 for RHEL 8

SRPM

cri-o-1.19.4-6.rhaos4.6.git391175b.el8.src.rpm

SHA-256: 9434d5a7073edc29f761ed6d42d1dd5cf765e7e658ae3250b207bc8cc77c1db3

jenkins-2-plugins-4.6.1643965689-1.el8.src.rpm

SHA-256: a400ac73a384dfb802dce4191c17f2b73dec975e57bd5b0d74dd74a75200480c

jenkins-2.319.2.1643964085-1.el8.src.rpm

SHA-256: 42a51e88ca8eeed7a0641c69f1317e37ef356016c9f98e607fd477df6ee78c7a

openshift-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el8.src.rpm

SHA-256: b0b7070f57302b375e93d4660fedd108247ad01f6f048a59645b5cee47c01f79

openshift-kuryr-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.src.rpm

SHA-256: 8eb096f3eda4cb31c0d2dfd8f8a446aa1352dfd06431df85efbc154675663b43

x86_64

cri-o-1.19.4-6.rhaos4.6.git391175b.el8.x86_64.rpm

SHA-256: 8e70bb0d54e82c764963f0199341aedfc296bac1ccb7dc316b72e5463d4cdae6

cri-o-debuginfo-1.19.4-6.rhaos4.6.git391175b.el8.x86_64.rpm

SHA-256: 98c63584fbb6bd4102f1062b415616a47b0f5a64d910dd97fcf6e652703e2ac0

cri-o-debugsource-1.19.4-6.rhaos4.6.git391175b.el8.x86_64.rpm

SHA-256: 1370265e0cd9d729496f0db34ff04f117296042d97ae929a69fdd86db016f380

jenkins-2-plugins-4.6.1643965689-1.el8.noarch.rpm

SHA-256: a7005f19c628fc399f78ae4d3e07807d7f318a3c20bff3cd4c706717b3d9cdca

jenkins-2.319.2.1643964085-1.el8.noarch.rpm

SHA-256: efa7339bf0e5b0d78ac937dfb7058b0cf19ca86ce916a88ff3c0d04b1ac49189

openshift-hyperkube-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el8.x86_64.rpm

SHA-256: 1a403da18fe5bd4ff4be5d9a60ea66f7e497e6909be19905c7267afad3af7e18

openshift-kuryr-cni-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.noarch.rpm

SHA-256: 2500c1f2c289309a16fab64fbff7fb3e2df1caad89d2ad44fe4ce1c341085cb1

openshift-kuryr-common-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.noarch.rpm

SHA-256: 574535e978c79f7036d97646a5ab633478f15bcd0abc6cfe921255831cefd3f7

openshift-kuryr-controller-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.noarch.rpm

SHA-256: bc539fb521658f8c5dac0bb4a9dd535286fd161bdfcfbe0e7f7269509a701665

python3-kuryr-kubernetes-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.noarch.rpm

SHA-256: f8fd996141dbd9cbbf4a94a96021f2cbfb59a8f713845722213cc90028573852

Red Hat OpenShift Container Platform 4.6 for RHEL 7

SRPM

cri-o-1.19.4-6.rhaos4.6.git391175b.el7.src.rpm

SHA-256: a271820acaa65c4e7df958936768297a520ac0e84239e587491849782f07d57a

openshift-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el7.src.rpm

SHA-256: fde406ed5db2cb1cccfc5bd25a57457d1d7b85a55623c55edcee8c69e92fbcaa

x86_64

cri-o-1.19.4-6.rhaos4.6.git391175b.el7.x86_64.rpm

SHA-256: a32367ed8fed463c78c63941e80efb509746c79c73fa71ee778394676dcce238

cri-o-debuginfo-1.19.4-6.rhaos4.6.git391175b.el7.x86_64.rpm

SHA-256: 9f5dd90c0a3733f19d5aa4e71cd6c0c3902568d6c0f77b0cd1b8c8d1d606f5da

openshift-hyperkube-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el7.x86_64.rpm

SHA-256: 1ac31b8890b82eaf9baffefa9f109a3941ee81a7f6aef464421c5e5274435c20

Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8

SRPM

cri-o-1.19.4-6.rhaos4.6.git391175b.el8.src.rpm

SHA-256: 9434d5a7073edc29f761ed6d42d1dd5cf765e7e658ae3250b207bc8cc77c1db3

jenkins-2-plugins-4.6.1643965689-1.el8.src.rpm

SHA-256: a400ac73a384dfb802dce4191c17f2b73dec975e57bd5b0d74dd74a75200480c

jenkins-2.319.2.1643964085-1.el8.src.rpm

SHA-256: 42a51e88ca8eeed7a0641c69f1317e37ef356016c9f98e607fd477df6ee78c7a

openshift-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el8.src.rpm

SHA-256: b0b7070f57302b375e93d4660fedd108247ad01f6f048a59645b5cee47c01f79

openshift-kuryr-4.6.0-202201261116.p0.g74cd766.assembly.stream.el8.src.rpm

SHA-256: 8eb096f3eda4cb31c0d2dfd8f8a446aa1352dfd06431df85efbc154675663b43

ppc64le

cri-o-1.19.4-6.rhaos4.6.git391175b.el8.ppc64le.rpm

SHA-256: 16a81e813a90b2a7e5e29f8fb151e99ef7fd45565c100f123d9e3d7c08a2dae3

cri-o-debuginfo-1.19.4-6.rhaos4.6.git391175b.el8.ppc64le.rpm

SHA-256: fa6d879431a7f505c5e9a926e8d153892d9fa8bf62b423652fe50dd8d1679256

cri-o-debugsource-1.19.4-6.rhaos4.6.git391175b.el8.ppc64le.rpm

SHA-256: 6b4548a50f4d2a6dfd3ece725fc30fb36ed6873ebaaaadc548679f289157cb87

jenkins-2-plugins-4.6.1643965689-1.el8.noarch.rpm

SHA-256: a7005f19c628fc399f78ae4d3e07807d7f318a3c20bff3cd4c706717b3d9cdca

jenkins-2.319.2.1643964085-1.el8.noarch.rpm

SHA-256: efa7339bf0e5b0d78ac937dfb7058b0cf19ca86ce916a88ff3c0d04b1ac49189

openshift-hyperkube-4.6.0-202201200342.p0.g35fca9a.assembly.stream.el8.ppc64le.rpm

SHA-256: 08564d415376e5691db598f510f3a8f86c692bc391329bc898e93179fcb87574