Red Hat Product Errata RHSA-2021:3248 - Security Advisory
Issued: 2021-08-31
Updated: 2021-08-31

Synopsis

Moderate: OpenShift Container Platform 4.8.9 packages and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.8.9 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.9. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:3247

Security Fix(es):

  • golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
  • golang: net: lookup functions may return invalid host names (CVE-2021-33195)
  • golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
  • golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
  • golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Solution

For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.8 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x

Fixes

  • BZ - 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
  • BZ - 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
  • BZ - 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
  • BZ - 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
  • BZ - 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
  • BZ - 1996683 - Placeholder bug for OCP 4.8.0 rpm release
  • BZ - 1996707 - Placeholder bug for OCP 4.8.0 rpm release

CVEs

  • CVE-2021-31525
  • CVE-2021-33195
  • CVE-2021-33197
  • CVE-2021-33198
  • CVE-2021-34558

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenShift Container Platform 4.8 for RHEL 8

SRPM
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.src.rpm
cri-tools-1.21.0-3.el8.src.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.src.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src.rpm
openstack-ironic-17.0.4-0.20210730151213.5b801be.el8.src.rpm
x86_64
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64.rpm
cri-o-debuginfo-1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64.rpm
cri-o-debugsource-1.21.2-13.rhaos4.8.git52b3f98.el8.x86_64.rpm
cri-tools-1.21.0-3.el8.x86_64.rpm
cri-tools-debuginfo-1.21.0-3.el8.x86_64.rpm
cri-tools-debugsource-1.21.0-3.el8.x86_64.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.x86_64.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64.rpm
openshift-clients-redistributable-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.x86_64.rpm
openstack-ironic-api-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-common-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-conductor-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
prometheus-promu-0.5.0-4.git642a960.el8.x86_64.rpm
python3-ironic-tests-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm

Red Hat OpenShift Container Platform 4.8 for RHEL 7

SRPM
containernetworking-plugins-0.8.6-3.rhaos4.6.el7.src.rpm
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el7.src.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.src.rpm
x86_64
containernetworking-plugins-0.8.6-3.rhaos4.6.el7.x86_64.rpm
containernetworking-plugins-debuginfo-0.8.6-3.rhaos4.6.el7.x86_64.rpm
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64.rpm
cri-o-debuginfo-1.21.2-13.rhaos4.8.git52b3f98.el7.x86_64.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64.rpm
openshift-clients-redistributable-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8

SRPM
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.src.rpm
cri-tools-1.21.0-3.el8.src.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.src.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src.rpm
openstack-ironic-17.0.4-0.20210730151213.5b801be.el8.src.rpm
ppc64le
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le.rpm
cri-o-debuginfo-1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le.rpm
cri-o-debugsource-1.21.2-13.rhaos4.8.git52b3f98.el8.ppc64le.rpm
cri-tools-1.21.0-3.el8.ppc64le.rpm
cri-tools-debuginfo-1.21.0-3.el8.ppc64le.rpm
cri-tools-debugsource-1.21.0-3.el8.ppc64le.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.ppc64le.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.ppc64le.rpm
openstack-ironic-api-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-common-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-conductor-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
prometheus-promu-0.5.0-4.git642a960.el8.ppc64le.rpm
python3-ironic-tests-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8

SRPM
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.src.rpm
cri-tools-1.21.0-3.el8.src.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.src.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.src.rpm
openstack-ironic-17.0.4-0.20210730151213.5b801be.el8.src.rpm
s390x
cri-o-1.21.2-13.rhaos4.8.git52b3f98.el8.s390x.rpm
cri-o-debuginfo-1.21.2-13.rhaos4.8.git52b3f98.el8.s390x.rpm
cri-o-debugsource-1.21.2-13.rhaos4.8.git52b3f98.el8.s390x.rpm
cri-tools-1.21.0-3.el8.s390x.rpm
cri-tools-debuginfo-1.21.0-3.el8.s390x.rpm
cri-tools-debugsource-1.21.0-3.el8.s390x.rpm
golang-github-prometheus-promu-0.5.0-4.git642a960.el8.s390x.rpm
openshift-clients-4.8.0-202108120034.p0.git.0d10c3f.assembly.stream.el8.s390x.rpm
openstack-ironic-api-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-common-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
openstack-ironic-conductor-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm
prometheus-promu-0.5.0-4.git642a960.el8.s390x.rpm
python3-ironic-tests-17.0.4-0.20210730151213.5b801be.el8.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
