Issued:
2021-12-13
Updated:
2021-12-13

RHSA-2021:5002 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.9.11 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.9.11 is now available with
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.9.11. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2021:5003

All OpenShift Container Platform 4.9 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Security Fix(es):

  • haproxy: Incomplete fix for CVE-2021-39242 in OpenShift 4.9

(CVE-2021-4047)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

Solution

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 2027881 - CVE-2021-4047 haproxy: Incomplete fix for CVE-2021-39242 in OpenShift 4.9

Red Hat OpenShift Container Platform 4.9 for RHEL 8

SRPM
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.src.rpm SHA-256: d3b226f8758c7224908ee2ccaeac32c76f219aa1e1d1464dc18d6f9c7531cf7e
haproxy-2.2.15-3.el8.src.rpm SHA-256: 4b6f310c3f681c4f17c6520abaa100a77c60b87cec2a176161d319a3aef1bb41
x86_64
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.x86_64.rpm SHA-256: 00c1340bc807079ef2636630b8b4712174583bd6246caa5041acd78cf5def115
cri-o-debuginfo-1.22.1-8.rhaos4.9.gite059965.el8.x86_64.rpm SHA-256: 79bcbfdef1e188687d714205a6bc30d1624f7a487d88cc95545a69fcdb423049
cri-o-debugsource-1.22.1-8.rhaos4.9.gite059965.el8.x86_64.rpm SHA-256: ed684b376e35af5533c2d77460951b640ee85679bcc7007680fd1292c093ac70
haproxy-debugsource-2.2.15-3.el8.x86_64.rpm SHA-256: 65b6e86f3601e2bcd535e3540d499a23dfd6c6390810dc31cb72621802863687

Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8

SRPM
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.src.rpm SHA-256: d3b226f8758c7224908ee2ccaeac32c76f219aa1e1d1464dc18d6f9c7531cf7e
haproxy-2.2.15-3.el8.src.rpm SHA-256: 4b6f310c3f681c4f17c6520abaa100a77c60b87cec2a176161d319a3aef1bb41
ppc64le
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.ppc64le.rpm SHA-256: a4e3fe486a6e2b4003cc97880e751cc81ecd1bb669d8a1e4f62f8f1d7afc6850
cri-o-debuginfo-1.22.1-8.rhaos4.9.gite059965.el8.ppc64le.rpm SHA-256: 9a09e515dd624ccd64f4a2e4f02abd326e24ec7144ae59054ce8e032fe07885d
cri-o-debugsource-1.22.1-8.rhaos4.9.gite059965.el8.ppc64le.rpm SHA-256: d996141f382db0a212ec24e99fd0c9a710cce310559717b62fbf72a7a025893a
haproxy-debugsource-2.2.15-3.el8.ppc64le.rpm SHA-256: 654ecaa27eadd7c6a3afe7fd09410bddc011c45fd973d43a6f2a8bc9cf0063f0

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8

SRPM
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.src.rpm SHA-256: d3b226f8758c7224908ee2ccaeac32c76f219aa1e1d1464dc18d6f9c7531cf7e
haproxy-2.2.15-3.el8.src.rpm SHA-256: 4b6f310c3f681c4f17c6520abaa100a77c60b87cec2a176161d319a3aef1bb41
s390x
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.s390x.rpm SHA-256: 632c7b68c1d647bce31f54c9f16680896fd6b2839f557657dc88acce9306bd29
cri-o-debuginfo-1.22.1-8.rhaos4.9.gite059965.el8.s390x.rpm SHA-256: 10bfae1962fccec0a6236b9ed557e46cff80f3f92921206c6bad9d48b0a55417
cri-o-debugsource-1.22.1-8.rhaos4.9.gite059965.el8.s390x.rpm SHA-256: 12fbc09cb88d21d67c29a32ddef7fa58ea437db6146843bf38b523160050c4db
haproxy-debugsource-2.2.15-3.el8.s390x.rpm SHA-256: 2f4a9d4f842d59dc9324e1ebc859ef20c18a999ae817d08633249e4f56afa963

Red Hat OpenShift Container Platform for ARM 64 4.9

SRPM
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.src.rpm SHA-256: d3b226f8758c7224908ee2ccaeac32c76f219aa1e1d1464dc18d6f9c7531cf7e
haproxy-2.2.15-3.el8.src.rpm SHA-256: 4b6f310c3f681c4f17c6520abaa100a77c60b87cec2a176161d319a3aef1bb41
aarch64
cri-o-1.22.1-8.rhaos4.9.gite059965.el8.aarch64.rpm SHA-256: 011d6f4cb61ac7738d68bf587a73a513329126c65bdb43a1b7f604755d436264
cri-o-debuginfo-1.22.1-8.rhaos4.9.gite059965.el8.aarch64.rpm SHA-256: 74448ffb448dcb343fb9772ea942e797d65da424b2c6cd76c2a818846947da71
cri-o-debugsource-1.22.1-8.rhaos4.9.gite059965.el8.aarch64.rpm SHA-256: c3f8ad031b3dbc69940827c5a3346358a9374a58409c18bcea4e2c1da8d2acca
haproxy-debugsource-2.2.15-3.el8.aarch64.rpm SHA-256: 8fbf070a6ee1f02be5c4099b8bd3e7e90d59066dad49a28f07e1d9648593cc68

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.