RHBA-2023:4245 - Bug Fix Advisory

Topic

An updated OpenShift Compliance Operator image that adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The OpenShift Compliance Operator v1.2.0 is now available. See the documentation for bug fix information:

https://docs.openshift.com/container-platform/4.13/security/compliance_operator/compliance-operator-release-notes.html

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
• Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64

Fixes

• CMP-1559 - Update OpenShift CIS benchmark to version 1.4.0
• OCPBUGS-10508 - For ocp4-cis-scc-limit-container-allowed-capabilities please provide additional commands to help identify non compliant SCCs
• OCPBUGS-11696 - api-server-encryption related rules should not fail when aesgcm encryption type was applied
• OCPBUGS-16727 - Rule ocp4-cis-kubelet-configure-event-creation will fail by default for 4.14
• OCPBUGS-16877 - Rule ocp4-file-permissions-etcd-member should not get a false negative scan result for a 4.14 nightly payload
• OCPBUGS-17216 - CIS Rule RotateKubeletServerCertificate uses an invalid check on 4.14

CVEs

• CVE-2020-24736
• CVE-2021-46848
• CVE-2022-1304
• CVE-2022-4304
• CVE-2022-4450
• CVE-2022-36227
• CVE-2022-47629
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-0361
• CVE-2023-1667
• CVE-2023-2283
• CVE-2023-2602
• CVE-2023-2603
• CVE-2023-24329
• CVE-2023-27536
• CVE-2023-28321
• CVE-2023-28484
• CVE-2023-29469
• CVE-2023-32681

References

(none)