RHBA-2023:1682 - Bug Fix Advisory

Topic

An updated OpenShift Compliance Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The OpenShift Compliance Operator v1.0.0 is now available. See the documentation for bug fix information:

https://docs.openshift.com/container-platform/4.12/security/compliance_operator/compliance-operator-release-notes.html

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64

Fixes

• OCPBUGS-10769 - Rule rhcos4-ensure-logrotate-activated fail after autoremediaiton applied for rhel9
• OCPBUGS-1803 - compliance_operator_compliance_scan_error_total metric has a problematic error label
• OCPBUGS-7520 - The ocp4-api-server-audit-log-maxsize rule fails even though audit-log-maxsize is 200 Mb
• OCPBUGS-8358 - Enable Fips on node rule is misleading

CVEs

• CVE-2020-10735
• CVE-2021-28861
• CVE-2021-46848
• CVE-2022-4304
• CVE-2022-4415
• CVE-2022-4450
• CVE-2022-35737
• CVE-2022-40303
• CVE-2022-40304
• CVE-2022-40897
• CVE-2022-45061
• CVE-2022-47629
• CVE-2022-48303
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-0361
• CVE-2023-23916

References

(none)