- Issued:
- 2020-02-26
- Updated:
- 2020-02-26
RHBA-2020:0622 - Bug Fix Advisory
Synopsis
OCS 3.11.z Container Images Bug Fix Update
Type/Severity
Bug Fix Advisory
Topic
Updated container images for rhgs-server-container, rhgs-volmanager-container, rhgs-gluster-block-prov-container, and rhgs-s3-server-container are now available in the Red Hat Container Registry for Red Hat OpenShift Container Storage 3.11 Update 5.
Description
The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.
This advisory fixes the following bugs:
- With this update, rhgs-gluster-block-prov-container image re-spins to include SQLite package update with fixes to CVEs at Red Hat Enterprise Linux 7. (BZ#1796307)
- With this update, rhgs-s3-server-container image re-spins to include sqlite package update with fixes to CVEs at Red Hat Enterprise Linux 7. (BZ#1802437)
- Race conditions between two LVM stacks (one on the host, and one inside the container) fight between each other and cause conflicting results. Activation of devices may not always succeed, or device-nodes/symlinks of activated devices could be incorrectly removed. With this update, a wrapper script to run LVM commands from inside the container on the host is executed. As a result, only a single LVM stack is used which is the one on the host. This prevents conflicts from occurring between two stacks. (BZ#1655930)
- Previously, the SSH service embedded in the gluster server container supported CBC mode ciphers. With this update, these ciphers are now disabled. (BZ#1800446)
- Previously, certain system conditions are logged in a misleading way. Hence, spurious error messages in gusterfs client logs report `writing to fuse device failed: No such file or directory'. These messages can now be safely ignored as there is no harmful effect. (BZ#1790997)
- With this update, rhgs-server-container image re-spins to include SQLite package update with fixes to CVEs at Red Hat Enterprise Linux 7. (BZ#1802435)
- With this update, rhgs-volmanager-container re-spins to include SQLite package update with fixes to CVEs at Red Hat Enterprise Linux 7. (BZ#1802436)
All users of OpenShift Container Storage 3.11 container images are advised to pull these updated images from the Red Hat Container Registry.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Gluster Storage Server for On-premise 3 for RHEL 7 x86_64
Fixes
- BZ - 1655930 - Docker service failed to restart on one of the OCP node,pod failed to come up with error "Can't set task name /dev/mapper/docker--vg-docker--pool"
- BZ - 1748420 - systemd units rpcbind.socket and systemd-journal-flush.service show status failed
- BZ - 1765602 - rhgs-server container should not have sudo rpm
- BZ - 1772611 - rhgs-server container should contain the wrapper commands to call LVM on the host
- BZ - 1782096 - respin rhgs-volmanager-container for OCS 3.11.5
- BZ - 1782097 - respin rhgs-gluster-block-prov container for OCS 3.11.5
- BZ - 1783226 - Contents of /etc/redhat-storage-release should be changed to 3.5 instead of 3.5.0
- BZ - 1788913 - [RHGS Tracker #1793035] app pods going into CrashLoopBackOff backed by glusterfs storage.
- BZ - 1790997 - [Container Respin] [RHGS Tracker] fuse log registers error with misleading "No such file or directory" when we interrupt a file copy
- BZ - 1796307 - Respin the rhgs-gluster-block-prov container to include CVE fixes for sqlite
- BZ - 1798850 - [OCS] Deployment of OCS independent mode is failing because of the unknown parameter name HEKETI_LVM_WRAPPER
- BZ - 1802435 - Respin the rhgs-server-container to include CVE fixes for sqlite
- BZ - 1802436 - Respin the rhgs-volmanager-container to include CVE fixes for sqlite
- BZ - 1802437 - Respin the rhgs-s3-server-container to include CVE fixes for sqlite
CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.