RHBA-2019:3151 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.2.1 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat
OpenShift Container Platform 4.2.1. See the following advisory for the
RPM packages for this release:

https://access.redhat.com/errata/RHBA-2019:3150

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.2.1

The image digest is sha256:32f2e138c0c5af6183830a22801f627bedb414591332960b7c8506ba7f6d7bb6

All OpenShift Container Platform 4.2 users are advised to upgrade to these
updated packages and images.

Solution

For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.1, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html

Affected Products

• Red Hat OpenShift Container Platform 4.2 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.2 for RHEL 7 x86_64

Fixes

• BZ - 1666167 - Fluentd and curator can't connect to ES after secrets regenerated.
• BZ - 1743872 - MIG UI: Paging of namespace is showing duplication in checkbox value.
• BZ - 1744172 - MIG UI: Select all checkbox needed to select all namespaces on a page at once
• BZ - 1748058 - [CPMA]local model not configure hostname's value
• BZ - 1748173 - [CPMA] cpmn utility doesn't transform Quota and ClusterQuota configurations from ocp3.7
• BZ - 1754606 - cluster level alert fires spuriously
• BZ - 1754686 - DHCP mode failed when configuring it in multus CNI IPAM
• BZ - 1755188 - [sriov] sriov operator pod crash when there is NAD created by manual
• BZ - 1755193 - [vsphere] [upi] [ci] bootstrap timeout
• BZ - 1755242 - node:node_memory_bytes_available:sum recording rule is not available
• BZ - 1755865 - [CPMA] Failed to transform OpenID connect auth configuration to OCP 4.2 due to missing issuer
• BZ - 1756303 - Failed DNS updates causes recursive data accumulation leading to update failure
• BZ - 1756384 - CI: fix verify tools build failure
• BZ - 1757355 - [IPI][OSP] [Feature:Platform][Smoke] Managed cluster should ensure control plane operators do not make themselves unevictable [Suite:openshift/conformance/parallel] fails
• BZ - 1757484 - [Docs] Migration of 50 (or above) projects fails with restic timeout.
• BZ - 1757558 - [Kuryr] NPs for svc don't react to namespace labels updates
• BZ - 1757560 - Wrongly try to enforce Network Policies on SVCs without selectors and ports
• BZ - 1757561 - Network Policy wrongly enforced due to wrong pod IP (Kuryr)
• BZ - 1757991 - [Docs] Update how to obtain sample Operator deployment and Custom Resource using docker/podman commands
• BZ - 1758170 - Query Browser can flip between two different query results
• BZ - 1758232 - [4.2] Networkpolicy resources not getting applied on update
• BZ - 1758533 - [Kuryr] KNPs cannot be deleted due to ports on the pools with its associated SG
• BZ - 1759097 - Kuryr-controller restarts due to race between namespace and pod creation
• BZ - 1759159 - [4.2.z] Changing storage type makes impossible to delete config.imageregistry.operator.openshift.io
• BZ - 1759346 - [Docs] Add an example to CORS setup to run curl command to verify CORS is setup as expected
• BZ - 1759349 - [Docs] Add an example of API endpoint using a specific port to CAM usage from UI of adding a cluster
• BZ - 1759710 - ClusterVersion upgrade history of previously completed upgrades completionTimestamp is being modified when it shouldnt
• BZ - 1759804 - [DOCS]APP Mig tool is not currently handling cluster scopes resources
• BZ - 1759831 - OpenShift sdn crashes when there is a gretap link - 4.2 backport
• BZ - 1759912 - [Docs] Document procedure for installing CAM via OLM as a source cluster
• BZ - 1759973 - Kuryr - occasional "BadRequest: Invalid input for operation: Non unique UUID for subport" when namespace gets deleted
• BZ - 1760197 - [UPI] GCP backend for api server has incorrect ranges allowed for heath checks
• BZ - 1761345 - kuryrnet handler makes kuryr-controller to restart frequently
• BZ - 1761548 - Persistent Volumes with `Delete` reclaim policy fails to restore when swinging volume
• BZ - 1762565 - 4.1 to 4.2 upgrade fails, second master is caught in a drain loop wedge and upgrade never completes
• BZ - 1762788 - Kuryr: Failures releasing port when pod doesn't have status.hostIP set
• BZ - 1762921 - fix multus-admission-controller definition to avoid spurious error messages
• BZ - 1763636 - etcd-member manifest rendered with an empty image reference and leading to cluster disruption during a 4.1->4.2 upgrade

CVEs

• CVE-2018-20856
• CVE-2019-2945
• CVE-2019-2949
• CVE-2019-2962
• CVE-2019-2964
• CVE-2019-2973
• CVE-2019-2975
• CVE-2019-2977
• CVE-2019-2978
• CVE-2019-2981
• CVE-2019-2983
• CVE-2019-2987
• CVE-2019-2988
• CVE-2019-2989
• CVE-2019-2992
• CVE-2019-2999
• CVE-2019-3846
• CVE-2019-9506
• CVE-2019-9512
• CVE-2019-9514
• CVE-2019-10126

References

(none)