- Issued:
- 2022-07-14
- Updated:
- 2022-07-14
RHBA-2022:5537 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated OpenShift Compliance Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v0.1.53 is now available. See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- BZ - 2069891 - Rule ?ocp4-kubelet-enable-streaming-connections? is not set up correctly
- BZ - 2072597 - Group ownership for ovs config file is not properly set on Z
- BZ - 2077916 - ocp4-cis-scc-limit-container-allowed-capabilities should be MANUAL rule as all the others scc rules
- BZ - 2079813 - False positive in rules: ocp4-cis-api-server-kubelet-client-{cert|key} and ocp4-cis-kubelet-configure-tls-{cert|key}
- BZ - 2081952 - The rule content_rule_oauth_or_oauthclient_inactivity_timeout is failing after setting "accessTokenInactivityTimeout: 10m0s"
- BZ - 2088202 - compliance operator workloads should comply to restricted pod security level
- BZ - 2094382 - Auto remediation does not work for rules rhcos4-high-master-sysctl-kernel-yama-ptrace-scope and rhcos4-sysctl-kernel-core-pattern
- BZ - 2094854 - ocp4-pci-dss-modified-api-checks-pod in a CrashLoopBackoff state because OOM.
CVEs
- CVE-2018-25032
- CVE-2019-5827
- CVE-2019-13750
- CVE-2019-13751
- CVE-2019-17594
- CVE-2019-17595
- CVE-2019-18218
- CVE-2019-19603
- CVE-2019-20838
- CVE-2020-13435
- CVE-2020-14155
- CVE-2020-24370
- CVE-2021-3580
- CVE-2021-3634
- CVE-2021-20231
- CVE-2021-20232
- CVE-2021-23177
- CVE-2021-31566
- CVE-2021-36084
- CVE-2021-36085
- CVE-2021-36086
- CVE-2021-36087
- CVE-2021-40528
- CVE-2022-0778
- CVE-2022-1271
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-22576
- CVE-2022-24407
- CVE-2022-25313
- CVE-2022-25314
- CVE-2022-27774
- CVE-2022-27776
- CVE-2022-27782
- CVE-2022-29824
References
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
