Red Hat Product Errata RHSA-2021:1150 - Security Advisory

Issued:: 2021-04-20
Updated:: 2021-04-20

RHSA-2021:1150 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: OpenShift Container Platform 4.7.7 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.7.7 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

containers/storage: DoS via malicious image (CVE-2021-20291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.7. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:1149

All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster

between-minor.html#understanding-upgrade-channels_updating-cluster-between
minor

Solution

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

BZ - 1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
BZ - 1948423 - Placeholder bug for OCP 4.7.0 rpm release

CVEs

CVE-2021-20291

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm	SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm	SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
x86_64
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm	SHA-256: f3a5eaee9fccd03e47eeac8dd1f424df8e80d01adb6e78ed79d05a32ed180326
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm	SHA-256: 2cb8f4b5cc0eaf3bec48bd30ccddece9fdf2d04ed423f82129117864e184fc7a
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.x86_64.rpm	SHA-256: e74ff4a1db58ef80dcb3c8bab90a88fd37df5cfd2accdc9d90cdfa32220f8598
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.x86_64.rpm	SHA-256: 46bd2e3bbbe4548e7b91e8c88b1f6010c08d1a5ebd962d2f37dcbae9cbb5e4ae

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el7.src.rpm	SHA-256: 3395ca63f366097d106d02281837d4cd2f1c84b73541bc7c627c8a86a8fee5cf
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el7.src.rpm	SHA-256: a6df68197cd06e230bbe22e903024b2984cf4a233d362e156973eb8d5fc0ee20
x86_64
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el7.x86_64.rpm	SHA-256: 1f42e277b1cbce72c6b10fd00cf18d3075b9a6525b65e917f4c5b61703f77976
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el7.x86_64.rpm	SHA-256: f7d85b8c7250fd466fb541f1270251172cdbac5734ba2513a18eda68e6bfe61d
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el7.x86_64.rpm	SHA-256: 9aa4f6c96d910862ad582bc3e2f4a45362dafd338a2b3be59fed13c23ea9c0ed

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm	SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm	SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
ppc64le
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm	SHA-256: 249be5c87c2ac40471bd21611a309d5466f8996fddef2fe2e4997b786fffe3be
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm	SHA-256: c9231a58f7b54b8f8a8d8b06b90c4c6d0dbd910ec5d46f96194cad72f10e0f41
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.ppc64le.rpm	SHA-256: 442ed14b82f6e9ced78c6163b95adf571306631c562620d1a3862bdf02686ada
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.ppc64le.rpm	SHA-256: 88538812fe3ec7cf477909e83b5ba901f983811c4838862b95b1fb1c4a97ef85

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.src.rpm	SHA-256: 940905b6a15f63a91a8821aaa10e2b37574335b388c42f58e1119c0c34cb2845
openshift-4.7.0-202104090228.p0.git.97111.77863f8.el8.src.rpm	SHA-256: 1a33bfc562b65e6672da5bedd9c7ac99461815f11145662f896db64c3eeb8fd2
s390x
cri-o-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm	SHA-256: 028bed3ebcec12e5176333129c41c47cf29f6242f787091f7e3237f841d8755e
cri-o-debuginfo-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm	SHA-256: 93492d317998c9f6f980298a88a3d24aaf96129aafaabf9f04704ee869b4bb80
cri-o-debugsource-1.20.2-6.rhaos4.7.gitf1d5201.el8.s390x.rpm	SHA-256: f111f60900be82ec9284bdf52f3dcc250f2b896a624af33cab860493d849b933
openshift-hyperkube-4.7.0-202104090228.p0.git.97111.77863f8.el8.s390x.rpm	SHA-256: 31fb19f51ba39b15dab0c9574de953e4a3c48a3f141c11e216b1e5eb30b269eb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories