Issued:
2022-01-12
Updated:
2022-01-12

RHSA-2022:0024 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.6.53 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.6.53 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0025

Security Fix(es):

  • haproxy: an HTTP method name may contain a space followed by the name of

a protected resource (CVE-2021-39241)

  • haproxy: request smuggling attack or response splitting via duplicate

content-length header (CVE-2021-40346)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

  • BZ - 1995107 - CVE-2021-39241 haproxy: an HTTP method name may contain a space followed by the name of a protected resource
  • BZ - 2000599 - CVE-2021-40346 haproxy: request smuggling attack or response splitting via duplicate content-length header
  • BZ - 2037401 - Placeholder bug for OCP 4.6.0 rpm release

Red Hat OpenShift Container Platform 4.6 for RHEL 8

SRPM
haproxy-2.0.16-4.el8.src.rpm SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
x86_64
haproxy-debugsource-2.0.16-4.el8.x86_64.rpm SHA-256: 3e2b4a37647fb062acf8fd46550dd28dfaaa5dc79a93ac9f6e6b2ba82f091200
haproxy20-2.0.16-4.el8.x86_64.rpm SHA-256: 556ffb4049261d102805fffe0a13aeffb2ed9de8cdf329dc4f3b3b2fa693215a
haproxy20-debuginfo-2.0.16-4.el8.x86_64.rpm SHA-256: e406ce92912236727d28e4250aee09cdb16e0ca360909e82f3cc152dc5babde7
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.x86_64.rpm SHA-256: 45dd40654a2d45c8ba8ba13c03c0725b2839cb86eed7c405085a3f79f8899b31

Red Hat OpenShift Container Platform 4.6 for RHEL 7

SRPM
haproxy-2.0.16-2.el7.src.rpm SHA-256: f02743a6cb838ad9ba4bcf87e2b4f1bb68d2d8c7c45e88d8d4c6d88d28b179af
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el7.src.rpm SHA-256: 66a44333dabb9a2099dbc1b3061be36ba5623a5bfff0fc8ead3ad1a34649a4d0
x86_64
haproxy-debuginfo-2.0.16-2.el7.x86_64.rpm SHA-256: e0cac0580652842217f71f88d6c4aea9909033c6f4829bc2b7a0d57bc136130c
haproxy20-2.0.16-2.el7.x86_64.rpm SHA-256: 303bab128ea8e43881151ea40ef4138b67dc222fc1d856208330cd3b9b11f10c
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el7.x86_64.rpm SHA-256: 5584bca7a585ce55b08fcea74c0373c73350f82c12f1c5dd6cf21a8731ad93ea

Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8

SRPM
haproxy-2.0.16-4.el8.src.rpm SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
ppc64le
haproxy-debugsource-2.0.16-4.el8.ppc64le.rpm SHA-256: 43b0aa193260435c1a91a06453f25a2b13e8f59de3ca27a55bb69a023c29be35
haproxy20-2.0.16-4.el8.ppc64le.rpm SHA-256: 05a6aaa7134629e16bc6e81ee2a4aa674852512cea3cabc8045518d30ce25454
haproxy20-debuginfo-2.0.16-4.el8.ppc64le.rpm SHA-256: a6904e413dee6d2181b6fba59265e8d5cb6acd7d2c476a9c8a4db5571cb9ee4b
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.ppc64le.rpm SHA-256: 1011a6bf83ccb4978387aa11dc9fac8d1cdd09def726764864913bdfd6b81968

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8

SRPM
haproxy-2.0.16-4.el8.src.rpm SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
s390x
haproxy-debugsource-2.0.16-4.el8.s390x.rpm SHA-256: 95326aac82d96dcaaa04ae97fe4bbda0c20484039bbec73fdf23a444ac4cbb14
haproxy20-2.0.16-4.el8.s390x.rpm SHA-256: 5e6d555d54c05bee8af00447a6ee212af9633a98ad21ecd379994ba7021eb48e
haproxy20-debuginfo-2.0.16-4.el8.s390x.rpm SHA-256: 923eed8ed9c9fb5a59eadb1070c2ddd70175eabe9ebf799b83c45c5eb4cb4a01
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.s390x.rpm SHA-256: 29807970df3f077ff0faf59e5c51eb30e7a4565471de0b28cc6b06672e6fed79

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.