Issued:
2021-05-26
Updated:
2021-05-26

RHSA-2021:2057 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.5.40 security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.5.40 is now available with
updates to packages and images that fix several bugs.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.5.40. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:2056

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):

  • runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.5 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x

Fixes

  • BZ - 1954736 - CVE-2021-30465 runc: vulnerable to symlink exchange attack
  • BZ - 1962453 - Placeholder bug for OCP 4.5.z rpm release

Red Hat OpenShift Container Platform 4.5 for RHEL 8

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el8.src.rpm SHA-256: a868d1a4a438431afc701d7df51ffcf98a7952c632968af64ab382993d894c67
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.src.rpm SHA-256: cf6a91927074d7d3d6c7ac946c63e259e744865742587e269da10bfcc6134dfb
x86_64
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el8.x86_64.rpm SHA-256: b6ccc1ce1db37da4bb272fbda79443051463f0d2ab12c7ec162cd5d9f2ebe5f9
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.x86_64.rpm SHA-256: 21e627e59ec25e59a64e3dab918768868ae09c8fcb6d8f2a854dd2b5de5715cf
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el8.x86_64.rpm SHA-256: 98e8d65fe6600a5a7e100a05b264f37314a5cb108a50adbb79fee63b2bff09bb
runc-debugsource-1.0.0-74.rhaos4.5.gitd2c3b70.el8.x86_64.rpm SHA-256: 64c6f44f7410c220a328adcf436b88aea0e3026aae0535f22b94039dd3672e17

Red Hat OpenShift Container Platform 4.5 for RHEL 7

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el7.src.rpm SHA-256: 172d2b8be9746506e126eaa29973d169b14903496be96e6539ddd66899f19bea
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.src.rpm SHA-256: c0ff626973d89dcb2190ddd61d3143f0c8b330522f155d0f369a8e31ad82aba8
x86_64
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el7.x86_64.rpm SHA-256: 38f63091e2bf731fff93733e3bb8e4906a2d9c2a3c512abe94dbccf5de4eb048
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.x86_64.rpm SHA-256: 898b47812063a79ca7d91f95ddd3a3067819100aaa96663660a138961eab54ee
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el7.x86_64.rpm SHA-256: c9ee598d63f2fec0379a27ad136702b8416748e4afbaa75e295a411c1cbf1330

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el8.src.rpm SHA-256: a868d1a4a438431afc701d7df51ffcf98a7952c632968af64ab382993d894c67
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.src.rpm SHA-256: cf6a91927074d7d3d6c7ac946c63e259e744865742587e269da10bfcc6134dfb
ppc64le
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el8.ppc64le.rpm SHA-256: cac7fd836c488e9decb56506f4d9e48c2d5e817fe937d1d689771e64f9751cbc
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.ppc64le.rpm SHA-256: 1b33929269187a7396d40e82e78fbc01f875d7a4b4cd69e4e20ff894128fc2c1
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el8.ppc64le.rpm SHA-256: b25400853560cf31475e278bae76701f4a4f6969c96995ca969334185e442900
runc-debugsource-1.0.0-74.rhaos4.5.gitd2c3b70.el8.ppc64le.rpm SHA-256: 3578ce5db20c30102399ca89b32e8c4988731a5a80aad54cbd728c58d28fff00

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el7.src.rpm SHA-256: 172d2b8be9746506e126eaa29973d169b14903496be96e6539ddd66899f19bea
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.src.rpm SHA-256: c0ff626973d89dcb2190ddd61d3143f0c8b330522f155d0f369a8e31ad82aba8
ppc64le
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el7.ppc64le.rpm SHA-256: 140d9592ab41cf1d9518390a4f7d960a8c0a2233a45136d6aa400c32db10f1e1
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.ppc64le.rpm SHA-256: c063c1bc4f8393d02d1ca195a03a3b7025ea840380c4f6eee2182e1a5d6c7fe4
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el7.ppc64le.rpm SHA-256: f0aeeb7c4fe589008a7cd6a6905a300211f742bb9f7fcbaace8d43ffc1201124

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el8.src.rpm SHA-256: a868d1a4a438431afc701d7df51ffcf98a7952c632968af64ab382993d894c67
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.src.rpm SHA-256: cf6a91927074d7d3d6c7ac946c63e259e744865742587e269da10bfcc6134dfb
s390x
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el8.s390x.rpm SHA-256: 016832e5f9ae89540289ce1e2e305f72dac3fabf91847da22ac6956529194c32
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el8.s390x.rpm SHA-256: 5d3d78305a264fbefd6db6a0bc54efdfae2270ddf83b6be0d9966e84f6139391
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el8.s390x.rpm SHA-256: 77718272ce22053f06f8279b3b5abc986621f8622318447d93ee402c8025c832
runc-debugsource-1.0.0-74.rhaos4.5.gitd2c3b70.el8.s390x.rpm SHA-256: 60c41c030a60065ad0d9e7a5982b267e02c12664c9114c1d0192e41c0fee3a08

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7

SRPM
openshift-4.5.0-202105121820.p0.git.d8ef5ad.el7.src.rpm SHA-256: 172d2b8be9746506e126eaa29973d169b14903496be96e6539ddd66899f19bea
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.src.rpm SHA-256: c0ff626973d89dcb2190ddd61d3143f0c8b330522f155d0f369a8e31ad82aba8
s390x
openshift-hyperkube-4.5.0-202105121820.p0.git.d8ef5ad.el7.s390x.rpm SHA-256: 27c01b168a1bc23637b11901216fa7a1a650ae74730a7054f204168c3329eede
runc-1.0.0-74.rhaos4.5.gitd2c3b70.el7.s390x.rpm SHA-256: 3018f668c8cd45d5b7fb924949b54a9ff6868f1b8a5bb0f16b16562549e2dec6
runc-debuginfo-1.0.0-74.rhaos4.5.gitd2c3b70.el7.s390x.rpm SHA-256: 533f56a4cd5e3fac7cfc4bec5f96307369c1452170beab372fefbc0e94425cd0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.