Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2021:2431 - Security Advisory
Issued:
2021-07-01
Updated:
2021-07-01

RHSA-2021:2431 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: OpenShift Container Platform 4.5.41 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.5.41 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of [[Important]]. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.5.41. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHSA-2021:2430

Security Fix(es):

  • jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2021-21642)
  • jetty: local temporary directory hijacking vulnerability (CVE-2020-27216)
  • jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)
  • jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223)
  • jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints. (CVE-2021-21643)
  • jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. (CVE-2021-21644)
  • jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints. (CVE-2021-21645)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Placeholder bug for OCP 4.5.41 rpm release (BZ#1972114)

Solution

For OpenShift Container Platform 4.5 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.5/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x

Fixes

  • BZ - 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability
  • BZ - 1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation
  • BZ - 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
  • BZ - 1952146 - CVE-2021-21642 jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.
  • BZ - 1952148 - CVE-2021-21643 jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
  • BZ - 1952151 - CVE-2021-21644 jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
  • BZ - 1952152 - CVE-2021-21645 jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
  • BZ - 1972114 - Placeholder bug for OCP 4.5.z rpm release

CVEs

  • CVE-2020-27216
  • CVE-2020-27218
  • CVE-2020-27223
  • CVE-2021-21642
  • CVE-2021-21643
  • CVE-2021-21644
  • CVE-2021-21645

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.5 for RHEL 8

SRPM
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.src.rpm SHA-256: 37041d55077d376c056c83b1d72fa7d3fb6f5c4b0b39dfafbe8a1630c233e463
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el8.src.rpm SHA-256: d6a9f364e9e5f231338a5db232d0caf09e844cb828a247a1f454b65449a2e42e
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.src.rpm SHA-256: 0e4cbbb2604b5927bf563686947d4131cefa2ffc321bd2e508061ba7496d48e5
openshift-kuryr-4.5.0-202106011407.p0.git.75cc301.el8.src.rpm SHA-256: 9200fe3b0def563714b2edb61e0ebde1e600ce0f5383827845108491159684f0
x86_64
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.x86_64.rpm SHA-256: 6032558d8b5e695cb504bcdb7da719639377dec73b769584bfa8dee8bd02efe4
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.x86_64.rpm SHA-256: 21a49c2c8bb06306cc7684c0cfec8477d61f11cef67103a4bd5350816601b370
openshift-clients-redistributable-4.5.0-202106011407.p0.git.297a4ac.el8.x86_64.rpm SHA-256: 22733d7edc58f8d70cdb9bd5bffd0855fab8ebaa000805c1b6830367a631e6ae
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.x86_64.rpm SHA-256: ce7932485edb8952160cc4a814c2daed197d0822ae29f83a51e29f337ca57bda
openshift-kuryr-cni-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: 34b02661f95a5928fa72e4bb7eeb747c1355d90848e8f03e3ed49303c4c83983
openshift-kuryr-common-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: a9277e751bdd8006826e8ee5facc149b79578468df24729f29b4a8e6136862e5
openshift-kuryr-controller-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: 62aef2101c0bc89ede9135254c953234a7dac85280c3ad4d3b236ff5600a4cd3
python3-kuryr-kubernetes-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: a260516f573f22a15e1914ddf40b75e66c3cfe2cc6eb8dcc2c5446fb30e66a01

Red Hat OpenShift Container Platform 4.5 for RHEL 7

SRPM
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.src.rpm SHA-256: 04b35a940524eef17c413bad5738ec33dd615bd8696124ce411742564cc18afa
jenkins-2-plugins-4.5.1623326336-1.el7.src.rpm SHA-256: afac623e0160b8e7a208b173833aad6b1925dda11234e702a8f959603406e57a
jenkins-2.277.3.1623846768-1.el7.src.rpm SHA-256: 91f45720c9cc02f2695a3b2e7dbc21f28c5f2efa1b86b9509c87ed944ebb5055
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el7.src.rpm SHA-256: 6ef67784b4b11d78f25616f7e225da38def8901708ef9d0dd87782b8d4a11e1b
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.src.rpm SHA-256: 7fafa93b3ccd716be0d4cdfe41dfbd25a742e820f7f38fc10b124430b2a63a4b
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.src.rpm SHA-256: 7c886ce4bf3013c52879ceb6cbed62f7264ecd0bb0808b79cfaea63631a8a645
x86_64
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.x86_64.rpm SHA-256: 40fd5f9314f68e21769e16841512b3cb7e4943850afc14c07ce9c474e7fbd9c2
jenkins-2-plugins-4.5.1623326336-1.el7.noarch.rpm SHA-256: 602cb8406641fed4d3c112c16be5e40983726925cbcb25f5f92666f606037cc3
jenkins-2.277.3.1623846768-1.el7.noarch.rpm SHA-256: c8fa2a3ed496bb7ac0202729fc676be683aff166e75fc98955ec3f8d72bf7a21
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: c82576c8767c84b2bc7da0bdf6802a8b3edcf1093e28389c1e4c99c25f576d1c
openshift-ansible-test-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: 780c1b58e6472d9adef3d432f26aea0939ba01e11b6d4da7d1db9e669a188edb
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.x86_64.rpm SHA-256: 8342b85f239fdff03bbee7a3d192965227602e23474ad5a9a921b132bbe223dc
openshift-clients-redistributable-4.5.0-202106011407.p0.git.297a4ac.el7.x86_64.rpm SHA-256: cd92966018784733d2042db87c9ae73d9242423e62e3e3a0adbea5c9bd4a0e20
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.x86_64.rpm SHA-256: 588509a5831e10ae06c87b51220b11985094d4c587fb15936e3920f700c3b26f

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8

SRPM
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.src.rpm SHA-256: 37041d55077d376c056c83b1d72fa7d3fb6f5c4b0b39dfafbe8a1630c233e463
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el8.src.rpm SHA-256: d6a9f364e9e5f231338a5db232d0caf09e844cb828a247a1f454b65449a2e42e
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.src.rpm SHA-256: 0e4cbbb2604b5927bf563686947d4131cefa2ffc321bd2e508061ba7496d48e5
openshift-kuryr-4.5.0-202106011407.p0.git.75cc301.el8.src.rpm SHA-256: 9200fe3b0def563714b2edb61e0ebde1e600ce0f5383827845108491159684f0
ppc64le
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.ppc64le.rpm SHA-256: 58573ed39ca60dcf74664ec5def053f1dba90c90315c1ddba3ef7df1c878250f
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.ppc64le.rpm SHA-256: 074d8bef1cbf4239138d01f4d8d193523aeeb932ebab37e01761ac9a106a9e49
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.ppc64le.rpm SHA-256: 7c82512f50cd4046c01a7d1425922e378cee2f9f0971e166da8a6e434cd902ed
openshift-kuryr-cni-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: 34b02661f95a5928fa72e4bb7eeb747c1355d90848e8f03e3ed49303c4c83983
openshift-kuryr-common-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: a9277e751bdd8006826e8ee5facc149b79578468df24729f29b4a8e6136862e5
openshift-kuryr-controller-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: 62aef2101c0bc89ede9135254c953234a7dac85280c3ad4d3b236ff5600a4cd3
python3-kuryr-kubernetes-4.5.0-202106011407.p0.git.75cc301.el8.noarch.rpm SHA-256: a260516f573f22a15e1914ddf40b75e66c3cfe2cc6eb8dcc2c5446fb30e66a01

Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7

SRPM
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.src.rpm SHA-256: 04b35a940524eef17c413bad5738ec33dd615bd8696124ce411742564cc18afa
jenkins-2-plugins-4.5.1623326336-1.el7.src.rpm SHA-256: afac623e0160b8e7a208b173833aad6b1925dda11234e702a8f959603406e57a
jenkins-2.277.3.1623846768-1.el7.src.rpm SHA-256: 91f45720c9cc02f2695a3b2e7dbc21f28c5f2efa1b86b9509c87ed944ebb5055
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el7.src.rpm SHA-256: 6ef67784b4b11d78f25616f7e225da38def8901708ef9d0dd87782b8d4a11e1b
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.src.rpm SHA-256: 7fafa93b3ccd716be0d4cdfe41dfbd25a742e820f7f38fc10b124430b2a63a4b
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.src.rpm SHA-256: 7c886ce4bf3013c52879ceb6cbed62f7264ecd0bb0808b79cfaea63631a8a645
ppc64le
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.ppc64le.rpm SHA-256: 7f35bc7bae6b874faae9fc7298d7b4b3553377d117763ef260c043036a218c17
jenkins-2-plugins-4.5.1623326336-1.el7.noarch.rpm SHA-256: 602cb8406641fed4d3c112c16be5e40983726925cbcb25f5f92666f606037cc3
jenkins-2.277.3.1623846768-1.el7.noarch.rpm SHA-256: c8fa2a3ed496bb7ac0202729fc676be683aff166e75fc98955ec3f8d72bf7a21
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: c82576c8767c84b2bc7da0bdf6802a8b3edcf1093e28389c1e4c99c25f576d1c
openshift-ansible-test-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: 780c1b58e6472d9adef3d432f26aea0939ba01e11b6d4da7d1db9e669a188edb
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.ppc64le.rpm SHA-256: ca0b4f4b3c139c4c114f4a1805453bdeca201dc550419150f9ac14adbd3552c0
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.ppc64le.rpm SHA-256: f3a35a60fa03e5749c2dc156ffac4870744eefe6aa1b49718c8dcbe4828bfdf9

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8

SRPM
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.src.rpm SHA-256: 37041d55077d376c056c83b1d72fa7d3fb6f5c4b0b39dfafbe8a1630c233e463
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el8.src.rpm SHA-256: d6a9f364e9e5f231338a5db232d0caf09e844cb828a247a1f454b65449a2e42e
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.src.rpm SHA-256: 0e4cbbb2604b5927bf563686947d4131cefa2ffc321bd2e508061ba7496d48e5
openshift-kuryr-4.5.0-202106011407.p0.git.75cc301.el8.src.rpm SHA-256: 9200fe3b0def563714b2edb61e0ebde1e600ce0f5383827845108491159684f0
s390x
machine-config-daemon-4.5.0-202106011407.p0.git.f003424.el8.s390x.rpm SHA-256: 7e4c205678d9ebbe42506b3fb90ef096de860543bfdcf9986220ed3cb790f2b6
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el8.s390x.rpm SHA-256: 458f02cfbfd3a95f2946618a51bddc4381ba23cd1b92a42cf06709c1db32f3a6
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el8.s390x.rpm SHA-256: f41091960a65f0313df060b36677c35de43ddb7971b2c105233fc0912179e09f

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7

SRPM
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.src.rpm SHA-256: 04b35a940524eef17c413bad5738ec33dd615bd8696124ce411742564cc18afa
jenkins-2-plugins-4.5.1623326336-1.el7.src.rpm SHA-256: afac623e0160b8e7a208b173833aad6b1925dda11234e702a8f959603406e57a
jenkins-2.277.3.1623846768-1.el7.src.rpm SHA-256: 91f45720c9cc02f2695a3b2e7dbc21f28c5f2efa1b86b9509c87ed944ebb5055
openshift-4.5.0-202106011407.p0.git.d8ef5ad.el7.src.rpm SHA-256: 6ef67784b4b11d78f25616f7e225da38def8901708ef9d0dd87782b8d4a11e1b
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.src.rpm SHA-256: 7fafa93b3ccd716be0d4cdfe41dfbd25a742e820f7f38fc10b124430b2a63a4b
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.src.rpm SHA-256: 7c886ce4bf3013c52879ceb6cbed62f7264ecd0bb0808b79cfaea63631a8a645
s390x
atomic-openshift-service-idler-4.5.0-202106011407.p0.git.39cfc66.el7.s390x.rpm SHA-256: d53581e12ae46475ac33f649d14f16b5b06b459f482d8a6f05711f9c3a58ebe9
jenkins-2-plugins-4.5.1623326336-1.el7.noarch.rpm SHA-256: 602cb8406641fed4d3c112c16be5e40983726925cbcb25f5f92666f606037cc3
jenkins-2.277.3.1623846768-1.el7.noarch.rpm SHA-256: c8fa2a3ed496bb7ac0202729fc676be683aff166e75fc98955ec3f8d72bf7a21
openshift-ansible-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: c82576c8767c84b2bc7da0bdf6802a8b3edcf1093e28389c1e4c99c25f576d1c
openshift-ansible-test-4.5.0-202106011407.p0.git.83db419.el7.noarch.rpm SHA-256: 780c1b58e6472d9adef3d432f26aea0939ba01e11b6d4da7d1db9e669a188edb
openshift-clients-4.5.0-202106011407.p0.git.297a4ac.el7.s390x.rpm SHA-256: 83cad03b106e640a9c75024f56687ec6dc096641c9325eece72bbd46e892f951
openshift-hyperkube-4.5.0-202106011407.p0.git.d8ef5ad.el7.s390x.rpm SHA-256: 1b63af71e2638ec546336e61587413b3847aef6ef3d1806c1cfb3d15c32d8638

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Twitter Facebook