- Issued: 2024-05-15
- Updated: 2024-05-15
RHBA-2024:1830 - Bug Fix Advisory
Synopsis
OpenShift Compliance Operator bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
An updated OpenShift Compliance Operator image that fixes various bugs and adds new enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Description
The OpenShift Compliance Operator v1.4.1 is now available. See the documentation for bug fix information:
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
- Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Fixes
- OCPBUGS-13589 - Rule upstream-ocp4-kubelet-enable-protect-kernel-sysctl-file-exist fail for rhel9 based RHCOS systems
- OCPBUGS-18331 - Applying remediations in RHOCP 4.13 unexpectedly disable users login
- OCPBUGS-26193 - The OCP4 STIG profile is missing existing rules from CaC/content
- OCPBUGS-26229 - Scan setting binding validation is inconsistent when using multiple products
- OCPBUGS-28242 - Rule rhcos4-service-debug-shell-disabled show as FAIL after auto-remediation applied
- OCPBUGS-28797 - The instructions for rule rhcos4-banner-etc-issue is not helpful
- OCPBUGS-28918 - api_server_api_priority_flowschema_catch_all fails on OpenShift 4.16
- OCPBUGS-29272 - Compliance Scan does not gets deleted after removing profile from SSB
- CMP-2401 - Add OCP4 STIG IDs and SRGs to profile rules
- CMP-2471 - Disable rules on s390x
- OCPBUGS-32797 - Metrics service is missing for Compliance Operator v1.4.1 on Power
- OCPBUGS-33067 - On hypershift hosted cluster, a scan with ocp4-pci-dss profile will run into fatal error due to filter cannot iterate
- OCPBUGS-33458 - Default Scan setting roles is set to all instead of master,worker on Power
- CMP-2331 - ocp4-cis-api-server-api-priority-gate-enabled rule is failing even if APIPriorityAndFairness enabled
CVEs
- CVE-2021-35937
- CVE-2021-35938
- CVE-2021-35939
- CVE-2021-43618
- CVE-2023-2602
- CVE-2023-2603
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-4527
- CVE-2023-4806
- CVE-2023-4813
- CVE-2023-4911
- CVE-2023-5678
- CVE-2023-5981
- CVE-2023-7104
- CVE-2023-28322
- CVE-2023-29491
- CVE-2023-38546
- CVE-2023-39615
- CVE-2023-44487
- CVE-2023-46218
- CVE-2023-48795
- CVE-2023-52425
- CVE-2024-0553
- CVE-2024-2961
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.