- Issued: 2023-03-09
- Updated: 2023-03-09
RHEA-2023:1161 - Product Enhancement Advisory
Synopsis
RHEA: OSUS Enhancement Update
Type/Severity
Product Enhancement Advisory
Topic
OpenShift Update Service v5.0.1 now available for Red Hat OpenShift Container
Platform
Description
The OpenShift Update Service uses the update protocol called Cincinnati, which
is designed to facilitate automatic updates.
This version includes various bug fixes and other reliability improvements.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
Fixes
- BZ - 1915968 - OSUS should support extracting GPG signatures from image
- BZ - 1939855 - Updateservice pod should be re-deployed when update graphDataImage of updateservice object
- BZ - 2008125 - graph-builder's www-authenticate parsing is case sensitive, while RFC 7235 calls for case-insensitive auth-schemes
- BZ - 2009651 - OUS uses wrong imagePullPolicy for graph-data initContainer
- BZ - 2010497 - Update Service release image digest mismatch, because Artifactory doesn't support Accept q weighting
- BZ - 2101732 - Need remove old route sample-policy-engine-route after upgrade osus from v4.9 to v5.0
- OTA-654 - Cincinnati should be able to scrape multiple arch payload images
- OTA-683 - Handle CA certs for https proxy settings in Cincinnati
- OTA-696 - conditional-edge filtering is too broad
- OTA-736 - do not panic on sha-mismatch for multi-arch images
- OTA-857 - Migrate Update Service Operator out of APIs deprecated in OCP 4.12
- OCPBUGS-7150 - Graph-builder failed due to cluster-wide certificate verify failed
CVEs
- CVE-2016-3709
- CVE-2021-46848
- CVE-2022-1292
- CVE-2022-1304
- CVE-2022-1586
- CVE-2022-2068
- CVE-2022-2097
- CVE-2022-2509
- CVE-2022-3515
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22662
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26716
- CVE-2022-26717
- CVE-2022-26719
- CVE-2022-30293
- CVE-2022-34903
- CVE-2022-35737
- CVE-2022-40303
- CVE-2022-40304
- CVE-2022-42898
- CVE-2022-47629
References
(none)
x86_64
| openshift-update-service/cincinnati-operator-bundle@sha256:15f80efb399fc33a80e9979df4e8044501737eee335a2a5034c8de98957a87b9 |
| openshift-update-service/cincinnati-rhel8-operator@sha256:ff28b50d0c39b9e680177616bb6f83726bd1f22864e983cd07b621baed99eff4 |
| openshift-update-service/openshift-update-service-rhel8-operator@sha256:ff28b50d0c39b9e680177616bb6f83726bd1f22864e983cd07b621baed99eff4 |
| openshift-update-service/openshift-update-service-rhel8@sha256:0e67daa2313ac7695b53de468ca0a540988befe1dfa5c9036eb05e21fd9f107a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.