Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2021:1006 - Security Advisory
Issued:
2021-04-05
Updated:
2021-04-05

RHSA-2021:1006 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: OpenShift Container Platform 4.7.5 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.7.5 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.5. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2021:1005

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Security Fix(es):

  • gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Placeholder bug for OCP 4.7.0 rpm release (BZ#1944016)

Solution

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html.

Affected Products

  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

  • BZ - 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
  • BZ - 1944016 - Placeholder bug for OCP 4.7.0 rpm release

CVEs

  • CVE-2021-3114
  • CVE-2021-3121
  • CVE-2021-20218

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.src.rpm SHA-256: 6e3b9a177b144e1c821dd353263358eb9abe3594cc55159645a3fdef04038b0e
jenkins-2-plugins-4.7.1616671397-1.el8.src.rpm SHA-256: a89fd780bd40153ba79ee6bce1bf7dd3aecd7955769ae665fdce0392d93afbae
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.src.rpm SHA-256: 92abbf384502481d584ea16d39ceac294ec9fde79e52f28d8d6292b448e1d4ef
openshift-kuryr-4.7.0-202103241948.p0.git.2504.add19d0.el8.src.rpm SHA-256: 58a34c229626c4fc7c2da06c7c988d8779406e4a05cf9d0950bb773a2ed27b0d
x86_64
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.x86_64.rpm SHA-256: 8152d6f92e8ce411134e11be99a586fe34f119c38825b3532b6906e0995f51b0
cri-o-debuginfo-1.20.2-4.rhaos4.7.gitd5a999a.el8.x86_64.rpm SHA-256: 6872b370b021a552de0414ea7f20c40b88fc78eed378da65558489f06e9434cd
cri-o-debugsource-1.20.2-4.rhaos4.7.gitd5a999a.el8.x86_64.rpm SHA-256: a18c4ce062b60f098798a794eb05be98ff7409b26ab3aedb18087b12178feb73
jenkins-2-plugins-4.7.1616671397-1.el8.noarch.rpm SHA-256: 164a25150626e7740a7e47b412f9532451c55610f18eb8e4f0c728cb1f979bfb
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.x86_64.rpm SHA-256: 926080fe80608791b591550ef454a7b710347d44e6ff505a7331ebf6835e9589
openshift-clients-redistributable-4.7.0-202103251046.p0.git.3957.c4da68b.el8.x86_64.rpm SHA-256: dbbef7889f2d212abe9292dcc4b9593d37774af24f051266051119437a21f0f8
openshift-kuryr-cni-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: ef7feec1062eb32dd394fd9c698ca08f65f1463e03ccab7f6e3eff7f46671897
openshift-kuryr-common-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: f66429524a110477ac17735441fcd116d3ed6724e0e654cc7ad53dcb84640aa5
openshift-kuryr-controller-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 4be42ce91424131ee7fe017bf7e5a77df9cd39bf833616e9a89765c6f7d0effe
python3-kuryr-kubernetes-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 1a10ae3caf3fd0ad454fff64f90eb5c79daf53220415a906830b26223f1830ea

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el7.src.rpm SHA-256: 7f13e989492e5fab993f94ff4e32a1b80283c58f759c9f28880df3ff53e71071
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el7.src.rpm SHA-256: 157459a5b533520e63cd8c4a41a6f97b5a2be982f5d5d51498f495c63bd9df66
x86_64
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el7.x86_64.rpm SHA-256: 4bd864c740245a14e39d7c8b437865d2edb9b3b80a007794b81ea3292e1a6090
cri-o-debuginfo-1.20.2-4.rhaos4.7.gitd5a999a.el7.x86_64.rpm SHA-256: d11ebda068af9b31345918fdd86f6daba0133a4ba8fddbe38e660a186b92a34e
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el7.x86_64.rpm SHA-256: 341242e58434151c99d8b26bc49ffafe7a6813a3e5ee151be8a7832f1d0981f1
openshift-clients-redistributable-4.7.0-202103251046.p0.git.3957.c4da68b.el7.x86_64.rpm SHA-256: d5f551d4a58b07fc5a02b80f9858ea0e1d28c0dc70d19c899016fe717198c38c

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.src.rpm SHA-256: 6e3b9a177b144e1c821dd353263358eb9abe3594cc55159645a3fdef04038b0e
jenkins-2-plugins-4.7.1616671397-1.el8.src.rpm SHA-256: a89fd780bd40153ba79ee6bce1bf7dd3aecd7955769ae665fdce0392d93afbae
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.src.rpm SHA-256: 92abbf384502481d584ea16d39ceac294ec9fde79e52f28d8d6292b448e1d4ef
openshift-kuryr-4.7.0-202103241948.p0.git.2504.add19d0.el8.src.rpm SHA-256: 58a34c229626c4fc7c2da06c7c988d8779406e4a05cf9d0950bb773a2ed27b0d
ppc64le
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.ppc64le.rpm SHA-256: 2757ee58e29d98e105fcb7e4cf9881e96bb34be53abbacdf79e361991cb462e0
cri-o-debuginfo-1.20.2-4.rhaos4.7.gitd5a999a.el8.ppc64le.rpm SHA-256: 23fe67c473d92dba115294139cc1d9d244127d3cd7d003b2015c29407dfd8077
cri-o-debugsource-1.20.2-4.rhaos4.7.gitd5a999a.el8.ppc64le.rpm SHA-256: cebed0713a4690701d61bd2cccb005ce7d96dd7ceee557b90fdcc4f9ae40bc85
jenkins-2-plugins-4.7.1616671397-1.el8.noarch.rpm SHA-256: 164a25150626e7740a7e47b412f9532451c55610f18eb8e4f0c728cb1f979bfb
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.ppc64le.rpm SHA-256: cd6c73c3d7c041e85ff72ad6917af7721e503ba79642dc74f42cdfeef3acabdc
openshift-kuryr-cni-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: ef7feec1062eb32dd394fd9c698ca08f65f1463e03ccab7f6e3eff7f46671897
openshift-kuryr-common-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: f66429524a110477ac17735441fcd116d3ed6724e0e654cc7ad53dcb84640aa5
openshift-kuryr-controller-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 4be42ce91424131ee7fe017bf7e5a77df9cd39bf833616e9a89765c6f7d0effe
python3-kuryr-kubernetes-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 1a10ae3caf3fd0ad454fff64f90eb5c79daf53220415a906830b26223f1830ea

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.src.rpm SHA-256: 6e3b9a177b144e1c821dd353263358eb9abe3594cc55159645a3fdef04038b0e
jenkins-2-plugins-4.7.1616671397-1.el8.src.rpm SHA-256: a89fd780bd40153ba79ee6bce1bf7dd3aecd7955769ae665fdce0392d93afbae
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.src.rpm SHA-256: 92abbf384502481d584ea16d39ceac294ec9fde79e52f28d8d6292b448e1d4ef
openshift-kuryr-4.7.0-202103241948.p0.git.2504.add19d0.el8.src.rpm SHA-256: 58a34c229626c4fc7c2da06c7c988d8779406e4a05cf9d0950bb773a2ed27b0d
s390x
cri-o-1.20.2-4.rhaos4.7.gitd5a999a.el8.s390x.rpm SHA-256: 0688b5c017f50fc3695403b016ccf5f365982b93779c517c25c567d0ad02b085
cri-o-debuginfo-1.20.2-4.rhaos4.7.gitd5a999a.el8.s390x.rpm SHA-256: 42c987936eab12bee8fe6f04265326bdd1152d75fea80c2c76bab9055b4f01a7
cri-o-debugsource-1.20.2-4.rhaos4.7.gitd5a999a.el8.s390x.rpm SHA-256: 2ab1c618b55b1ad104d2037a6a7d6561ae4a2ae300adf386139357781e7be2fb
jenkins-2-plugins-4.7.1616671397-1.el8.noarch.rpm SHA-256: 164a25150626e7740a7e47b412f9532451c55610f18eb8e4f0c728cb1f979bfb
openshift-clients-4.7.0-202103251046.p0.git.3957.c4da68b.el8.s390x.rpm SHA-256: 59f452ef36af3bd7e26c48f8c2dc61ba092916fd7fda761c711064a3395eb7c2
openshift-kuryr-cni-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: ef7feec1062eb32dd394fd9c698ca08f65f1463e03ccab7f6e3eff7f46671897
openshift-kuryr-common-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: f66429524a110477ac17735441fcd116d3ed6724e0e654cc7ad53dcb84640aa5
openshift-kuryr-controller-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 4be42ce91424131ee7fe017bf7e5a77df9cd39bf833616e9a89765c6f7d0effe
python3-kuryr-kubernetes-4.7.0-202103241948.p0.git.2504.add19d0.el8.noarch.rpm SHA-256: 1a10ae3caf3fd0ad454fff64f90eb5c79daf53220415a906830b26223f1830ea

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility