- Issued:
- 2023-02-22
- Updated:
- 2023-02-22
RHBA-2023:0557 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated OpenShift Compliance Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v0.1.61 is now available. See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- OCPBUGS-3864 - CO should warn if non-default roles are used but the kubelet roles variables have not been tailored
- OCPBUGS-4338 - Need to combine Eviction interdependent remediation together.
- OCPBUGS-4445 - MCP stuck in pasued state because of error "kubeletconfig custom-kubeletconfig is not subset of rendered"
- OCPBUGS-4615 - The Compliance Check Result is sourced from content rationale instead of description. We should update the CCR CRD by adding a rationale and modifying descriptions to match the Rule object's CCR.
- OCPBUGS-4621 - Crash in compliance operator at compliance-operator/pkg/utils.AreKubeletConfigsRendered
- OCPBUGS-3017 - The instructions for rule ocp4-kubelet-configure-tls-cipher-suites needs to be updated Compliance Operator
- OCPBUGS-6827 - Unable to create compliance scan while using TailoredProfile and non-default MachineConfigPool
- OCPBUGS-6708 - Remove kubeletConfig evictionHard imagefs.inodesFree and evictionSoft parameters from rules to check the kubelet default values
- OCPBUGS-6968 - OCP 4.12 cluster nodes having kubelet service running with unconfined_service_t
CVEs
- CVE-2021-46848
- CVE-2022-1304
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22662
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26716
- CVE-2022-26717
- CVE-2022-26719
- CVE-2022-30293
- CVE-2022-35737
- CVE-2022-40303
- CVE-2022-40304
- CVE-2022-42010
- CVE-2022-42011
- CVE-2022-42012
- CVE-2022-42898
- CVE-2022-43680
- CVE-2022-47629
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
