Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2021:0282 - Security Advisory
Issued:
2021-02-03
Updated:
2021-02-03

RHSA-2021:0282 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: OpenShift Container Platform 4.4.33 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs.

This release includes a security update for jenkins-2-plugins, openshift, and openshift-kuryr for Red Hat OpenShift Container Platform 4.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
  • jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.4.33. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2021:0281

All OpenShift Container Platform 4.4 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor.

Solution

For OpenShift Container Platform 4.4 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.4/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.4 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.4 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.4 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 7 s390x

Fixes

  • BZ - 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
  • BZ - 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks
  • BZ - 1921164 - Placeholder bug for OCP 4.4.z rpm release

CVEs

  • CVE-2020-2304
  • CVE-2020-2305

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.4 for RHEL 8

SRPM
openshift-4.4.0-202101221150.p0.git.0.f7ab6b8.el8.src.rpm SHA-256: 7ef7d19ce763a14681f46cba4a451d296a2b2061f15211ca3b2df853dcaf743e
openshift-kuryr-4.4.0-202101082241.p0.git.1821.1a159eb.el8.src.rpm SHA-256: 1b8f52aabbf646a8274576f1298e8cb11ab970605898307b11f9c6514b3128bd
x86_64
openshift-hyperkube-4.4.0-202101221150.p0.git.0.f7ab6b8.el8.x86_64.rpm SHA-256: 03100bdc536ec0b1731d51b3385359092116e76bace58a901a4a0b414ec8b6ef
openshift-kuryr-cni-4.4.0-202101082241.p0.git.1821.1a159eb.el8.noarch.rpm SHA-256: 76f132efa33708ba0b38e1ee4ab043a2556cecb4f4f66eab86e3d07322f843bd
openshift-kuryr-common-4.4.0-202101082241.p0.git.1821.1a159eb.el8.noarch.rpm SHA-256: c3ec11a3504d8b8761e843763d43bcf5618623ea71bd1ae1994e00dcc9231477
openshift-kuryr-controller-4.4.0-202101082241.p0.git.1821.1a159eb.el8.noarch.rpm SHA-256: 60993de24c3d297f89a1fc50a8038b4471dc403cb709d979414f3d337b5abb39
python3-kuryr-kubernetes-4.4.0-202101082241.p0.git.1821.1a159eb.el8.noarch.rpm SHA-256: 87219e1efe16dd34debb0fa3fc21d170f1b8b4274a142aed8e7d52e3bcc30db2

Red Hat OpenShift Container Platform 4.4 for RHEL 7

SRPM
jenkins-2-plugins-4.4.1611203637-1.el7.src.rpm SHA-256: e16f00c2aac80bcd3c60854bea41ee1e1eb2b95fbee4263ab4549bb124eb9009
openshift-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.src.rpm SHA-256: 34ba95a9c6c92d7ab6c7b476d6fcfd52744fd0bb811711940b59ae7799aad6c0
x86_64
jenkins-2-plugins-4.4.1611203637-1.el7.noarch.rpm SHA-256: 9fa71cbbd641f18e2c9116ed29cdb5a277ba27d27f2d38e0cef661993f62d3e5
openshift-hyperkube-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.x86_64.rpm SHA-256: 30a28998ae9db753dbbd1f91d1282001c5f662a9ad6f96041f293b20ddca7aff

Red Hat OpenShift Container Platform for Power 4.4 for RHEL 7

SRPM
jenkins-2-plugins-4.4.1611203637-1.el7.src.rpm SHA-256: e16f00c2aac80bcd3c60854bea41ee1e1eb2b95fbee4263ab4549bb124eb9009
openshift-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.src.rpm SHA-256: 34ba95a9c6c92d7ab6c7b476d6fcfd52744fd0bb811711940b59ae7799aad6c0
ppc64le
jenkins-2-plugins-4.4.1611203637-1.el7.noarch.rpm SHA-256: 9fa71cbbd641f18e2c9116ed29cdb5a277ba27d27f2d38e0cef661993f62d3e5
openshift-hyperkube-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.ppc64le.rpm SHA-256: 25e141e7531057c5fb3d426f1adf1c96d79127cd300b5436b534374768edea34

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.4 for RHEL 7

SRPM
jenkins-2-plugins-4.4.1611203637-1.el7.src.rpm SHA-256: e16f00c2aac80bcd3c60854bea41ee1e1eb2b95fbee4263ab4549bb124eb9009
openshift-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.src.rpm SHA-256: 34ba95a9c6c92d7ab6c7b476d6fcfd52744fd0bb811711940b59ae7799aad6c0
s390x
jenkins-2-plugins-4.4.1611203637-1.el7.noarch.rpm SHA-256: 9fa71cbbd641f18e2c9116ed29cdb5a277ba27d27f2d38e0cef661993f62d3e5
openshift-hyperkube-4.4.0-202101221150.p0.git.0.f7ab6b8.el7.s390x.rpm SHA-256: 95aa17e9a378862ba030f2f9d13b43f124d7ada4a62e7d56916c9c62ffd3d5a6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter