RHBA-2023:7658 - Bug Fix Advisory

Topic

An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The OpenShift Compliance Operator v1.4.0 is now available. See the documentation for bug fix information:

https://docs.openshift.com/container-platform/4.14/security/compliance_operator/compliance-operator-release-notes.html

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:

https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
• Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64

Fixes

• CMP-2123 - Suspend and resume scans
• CMP-2125 - Design and implement profile versioning in Profile CRD
• CMP-2126 - Design and implement profile names in ComplianceRules
• CMP-2310 - Clean up CronJob compatibility code
• OCPBUGS-17494 - Compliance Operator rprivate default mount propagation in combination with `hostPath: path: /` volume mounts of pods created breaks CSI driver relying on multipath
• OCPBUGS-8041 - Remediations get stuck in a loop when derived from check results with INFO status
• OCPBUGS-24594 - Rule rhcos4-audit-rules-login-events-faillock will fail even after auto-remediation applied
• OCPBUGS-25323 - Ovs rules not available in scans for profile ocp4-cis-node for compliance-operator.v1.4.0

CVEs

• CVE-2020-24736
• CVE-2022-4304
• CVE-2022-4450
• CVE-2022-36227
• CVE-2023-0215
• CVE-2023-0286
• CVE-2023-1667
• CVE-2023-2283
• CVE-2023-4016
• CVE-2023-4641
• CVE-2023-28484
• CVE-2023-29469

References

(none)