RHBA-2019:3303 - Bug Fix Advisory

Topic

Red Hat OpenShift Container Platform release 4.2.4 is now available with
updates to packages and images that fix several bugs.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat
4OpenShift Container Platform 4.2.4. See the following advisory for the
RPM packages for this release:

https://access.redhat.com/errata/RHBA-2019:3304

Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel ease-notes.html

You may download the oc tool and use it to inspect release image metadata
as follows:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.2.4

The image digest is
sha256:e8ed03f1fb2ef07c15ec4c8ce1bc29962225f32572e9d36c81cf110c1bff9268

All OpenShift Container Platform 4.2 users are advised to upgrade to these
updated packages and images.

Solution

For OpenShift Container Platform 4.2 see the following documentation, which
will be updated shortly for release 4.2.4, for important instructions on
how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-release-notes.html

Affected Products

• Red Hat OpenShift Container Platform 4.2 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.2 for RHEL 7 x86_64

Fixes

• BZ - 1755557 - Performing disaster recovery twice on a cluster can fail to proceed the second time
• BZ - 1755780 - [4.2.z] Cannot prune registry 'invalid resource name "psd2-anusha/psd2-anusha": [may not contain '/']'
• BZ - 1756478 - [4.2.z] Cannot disable S3 redirect via operator
• BZ - 1757134 - The modify/edit view of "UpdateStrategy" Descriptor is missing
• BZ - 1757234 - Cherry-pick: Kubelet should use watch-based configMapAndSecretChangeDetectionStrategy
• BZ - 1757390 - [IPI][OSP] Kubelet fail to admit pod with insufficient memory due to coredns, keepalived and mdns-publisher have no pods in kube-apiserver
• BZ - 1758373 - EXTENDED_VALIDATION doesn't capture certificate / key mismatch, causing the router to misbehave [4.2]
• BZ - 1759181 - [4.2-backport] No RBAC method for setting ExternalIPs
• BZ - 1759400 - [4.2][proxy] no proxy is set for kube-controller-manager.
• BZ - 1759986 - Races between retries and deletion actions
• BZ - 1760044 - Console workload show restricted acccess if knative serverless TP1 operator is installed and logged in as non admin
• BZ - 1760480 - [4.2.z] cluster-image-registry-operator container image is built with CGO_ENABLED=0
• BZ - 1761507 - Neutron internal error when activating vif or adding subports to trunk crashes kuryr-controller
• BZ - 1761814 - Informers can miss notifications
• BZ - 1761879 - Resources Tab under Custom Resource details page for installed operator crashes
• BZ - 1761887 - Cluster upgrade fails due to UpdatingPrometheusOperatorFailed problem
• BZ - 1762409 - Eventrouter pod in CrashLoopBackOff status: "runtime error: invalid memory address or nil pointer dereference"
• BZ - 1762960 - dns operator degraded status flaps during rollouts
• BZ - 1763057 - Wrong number of reported pods in unavailable state
• BZ - 1763205 - Updating 00-master can wedge (master never progresses)
• BZ - 1763279 - kuryrnet and neutron resources leftovers after kuryr-controller restart
• BZ - 1763749 - OLM dependency resolution does not prefer the initial catalog
• BZ - 1763822 - Canceling the task graph partway though should be an error even if no tasks fail
• BZ - 1763891 - only 1 attempt at imagestreamimport for a failed, initial sample import
• BZ - 1764227 - Incorrect validation pattern on ConsoleCLIDownloads Href field
• BZ - 1765308 - Can not create cluster in AWS region Stockholm (eu-north-1) via IPI
• BZ - 1767237 - [Docs] Add a note on needing to login to registry.redhat.io before deploying operator for non-OLM case
• BZ - 1767943 - [Docs] For CAM CORS setup the restart command should be 'master-restart controllers' instead of 'master-restart controller'
• BZ - 1767948 - [Docs] Manual migration operator install commands should indicate sudo is required if rootless containers are unavailable
• BZ - 1767951 - [Docs] Improve CORS configuration validation instructions to be more specific

CVEs

• CVE-2016-10739
• CVE-2017-14503
• CVE-2018-0734
• CVE-2018-0735
• CVE-2018-16890
• CVE-2018-20483
• CVE-2018-20534
• CVE-2018-20685
• CVE-2018-1000877
• CVE-2018-1000878
• CVE-2019-1543
• CVE-2019-3817
• CVE-2019-3822
• CVE-2019-3823
• CVE-2019-3829
• CVE-2019-3836
• CVE-2019-5010
• CVE-2019-6109
• CVE-2019-6111
• CVE-2019-6706
• CVE-2019-7146
• CVE-2019-7149
• CVE-2019-7150
• CVE-2019-7664
• CVE-2019-7665
• CVE-2019-9740
• CVE-2019-9893
• CVE-2019-9947
• CVE-2019-9948
• CVE-2019-11236
• CVE-2019-11324
• CVE-2019-12450
• CVE-2019-12749
• CVE-2019-15718
• CVE-2019-16276
• CVE-2019-1000019
• CVE-2019-1000020
• CVE-2020-15719

References

(none)