RHSA-2021:1150 - Security Advisory

Issued: 2021-04-20
Updated: 2021-04-20

Synopsis

Moderate: OpenShift Container Platform 4.7.7 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.7.7 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

  • containers/storage: DoS via malicious image (CVE-2021-20291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.7. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:1149

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

  • BZ - 1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
  • BZ - 1948423 - Placeholder bug for OCP 4.7.0 rpm release

CVEs

  • CVE-2021-20291

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
x86_64
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm SHA-256: f3a5eaee9fccd03e47eeac8dd1f424df8e80d01adb6e78ed79d05a32ed180326
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm SHA-256: 2cb8f4b5cc0eaf3bec48bd30ccddece9fdf2d04ed423f82129117864e184fc7a
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm SHA-256: e74ff4a1db58ef80dcb3c8bab90a88fd37df5cfd2accdc9d90cdfa32220f8598
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.x86_64.rpm SHA-256: 46bd2e3bbbe4548e7b91e8c88b1f6010c08d1a5ebd962d2f37dcbae9cbb5e4ae

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el7.src.rpm SHA-256: 3395ca63f366097d106d02281837d4cd2f1c84b73541bc7c627c8a86a8fee5cf
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el7.src.rpm SHA-256: a6df68197cd06e230bbe22e903024b2984cf4a233d362e156973eb8d5fc0ee20
x86_64
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el7.x86_64.rpm SHA-256: 1f42e277b1cbce72c6b10fd00cf18d3075b9a6525b65e917f4c5b61703f77976
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el7.x86_64.rpm SHA-256: f7d85b8c7250fd466fb541f1270251172cdbac5734ba2513a18eda68e6bfe61d
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el7.x86_64.rpm SHA-256: 9aa4f6c96d910862ad582bc3e2f4a45362dafd338a2b3be59fed13c23ea9c0ed

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
ppc64le
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm SHA-256: 249be5c87c2ac40471bd21611a309d5466f8996fddef2fe2e4997b786fffe3be
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm SHA-256: c9231a58f7b54b8f8a8d8b06b90c4c6d0dbd910ec5d46f96194cad72f10e0f41
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm SHA-256: 442ed14b82f6e9ced78c6163b95adf571306631c562620d1a3862bdf02686ada
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.ppc64le.rpm SHA-256: 88538812fe3ec7cf477909e83b5ba901f983811c4838862b95b1fb1c4a97ef85

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
s390x
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm SHA-256: 028bed3ebcec12e5176333129c41c47cf29f6242f787091f7e3237f841d8755e
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm SHA-256: 93492d317998c9f6f980298a88a3d24aaf96129aafaabf9f04704ee869b4bb80
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm SHA-256: f111f60900be82ec9284bdf52f3dcc250f2b896a624af33cab860493d849b933
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.s390x.rpm SHA-256: 31fb19f51ba39b15dab0c9574de953e4a3c48a3f141c11e216b1e5eb30b269eb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
