Issued:
2022-03-23
Updated:
2022-03-23

RHSA-2022:0866 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.6.56 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.6.56 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.56. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0867

Security Fix(es):

  • CRI-O: Arbitrary code execution in cri-o via abusing

“kernel.core_pattern” kernel parameter (CVE-2022-0811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

Fixes

  • BZ - 2059475 - CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter
  • BZ - 2064006 - Placeholder bug for OCP 4.6.0 rpm release

Red Hat OpenShift Container Platform 4.6 for RHEL 8

SRPM
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.src.rpm SHA-256: 063c0098e54fea4d0e9b78b61d69e42b41249bc67e2cb1ea46f4b5e9aee1272c
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.src.rpm SHA-256: cc994dbd889fb56434cafbf6ccb6e74587ef3aa3786d95a039db4e8f507680bf
openshift-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.src.rpm SHA-256: 67089e03555373f6251c817955f2a8033faf6e37096003b3a9761df783807c82
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.src.rpm SHA-256: 5e8f4ba78ba31dbd631c5bd82750b1383c1b89a54be4e7682710a354c8d4e73a
openshift-kuryr-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.src.rpm SHA-256: 80eee1f9712725b47c7095905909e5bea1e87ea8f433690322fc1e3b1ffec17b
x86_64
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.x86_64.rpm SHA-256: 1b7f79ae4a35c43028280dfb329621d234c050d11f3df96bf08b7244052ba3e8
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.x86_64.rpm SHA-256: 9b79bbbce5b7d70f19b0e96ef498ee99a925d71df234c56c1d36a649411b47ad
cri-o-debuginfo-1.19.5-3.rhaos4.6.git91f8458.el8.x86_64.rpm SHA-256: 20ad015186b2ace5302b296629fc03b4060a14bc966c0f25d443d7922aaecbdf
cri-o-debugsource-1.19.5-3.rhaos4.6.git91f8458.el8.x86_64.rpm SHA-256: b6309fa6f50fb9e4d5e4b137d5a8a41964a5ccdb8a724c3def02b0870202cfb7
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.x86_64.rpm SHA-256: 67e87d785355dc97868382eed6433f7c483cfb3aa062675f1b44b09535c94337
openshift-clients-redistributable-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.x86_64.rpm SHA-256: 9a2a858566afe396bc41e63fb6765e200b5e5632753133ca1deb9eeb3c85b06e
openshift-hyperkube-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.x86_64.rpm SHA-256: 027d3ea9f4007e6d20c465480b255efb545f9f3256756b3e658f3c514037122f
openshift-kuryr-cni-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 327b713923f7acf4679eed80fecd32e876d1ae86b374a5bf0fbc94247e55e92f
openshift-kuryr-common-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 7119d7c8629dbcbd6a10baecd4a8c1edb28b3e33490bd2276a443c25ff7335f8
openshift-kuryr-controller-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: e9990d2e04e1c6f8265c1c0bc49c936399587e9ebbb2e9e1a437bc51e44909aa
python3-kuryr-kubernetes-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: b09c0c142922ed8f21500199f0af0057a30f5d221a82da80f2244e3b37ff933a

Red Hat OpenShift Container Platform 4.6 for RHEL 7

SRPM
cri-o-1.19.5-3.rhaos4.6.git91f8458.el7.src.rpm SHA-256: 7d3a7cfad663aa3ef0deb0b90558c4433a0bc87c4c0f3e17d3881041fa0d923a
openshift-4.6.0-202203110946.p0.g6175753.assembly.stream.el7.src.rpm SHA-256: d5ff533efb1dde80271eb7b0c369ef86e2f821264ce7a13146495ad3861e00f4
openshift-ansible-4.6.0-202202251050.p0.g87e9f0c.assembly.stream.el7.src.rpm SHA-256: 97aa29f509d9f51f38ce159c8c167fd5714cd262ef6d22a643776a89ed6459ef
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el7.src.rpm SHA-256: 117e5fb3feb928c28edb8a50b1e08550e3661ecdd40eca052751f04b150f4e5a
x86_64
cri-o-1.19.5-3.rhaos4.6.git91f8458.el7.x86_64.rpm SHA-256: 28b410a97819ecfc79cd65579beaeb0188f05fec1af035376a9e62c3440e19fc
cri-o-debuginfo-1.19.5-3.rhaos4.6.git91f8458.el7.x86_64.rpm SHA-256: 48c8a13cd88d571fe23026805fca6bc373c49c30f4cb3fcaaf5eb871c1fa8f94
openshift-ansible-4.6.0-202202251050.p0.g87e9f0c.assembly.stream.el7.noarch.rpm SHA-256: f49fef26baedeaa839d64e1e7accc2a0faeba239f963ffad0c2168048fac4b70
openshift-ansible-test-4.6.0-202202251050.p0.g87e9f0c.assembly.stream.el7.noarch.rpm SHA-256: 3405f3cf390f3f1729966a7439a3abebbf5c7482e7b1039a59b502be4c9a560b
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el7.x86_64.rpm SHA-256: c8897cf7b4e0ddd44a3453aa51b790d25881db4ca1852207feca2085f02bcfc7
openshift-clients-redistributable-4.6.0-202203011423.p0.gb153f08.assembly.stream.el7.x86_64.rpm SHA-256: 40bacaf249c939142ef17c5189209f4117e03ddb5d35f2b050612ce1a9131785
openshift-hyperkube-4.6.0-202203110946.p0.g6175753.assembly.stream.el7.x86_64.rpm SHA-256: 89e68a3c249df52c645afe43d5dc1ebb31acc0c56b0d638c85f3321527c6431c

Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8

SRPM
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.src.rpm SHA-256: 063c0098e54fea4d0e9b78b61d69e42b41249bc67e2cb1ea46f4b5e9aee1272c
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.src.rpm SHA-256: cc994dbd889fb56434cafbf6ccb6e74587ef3aa3786d95a039db4e8f507680bf
openshift-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.src.rpm SHA-256: 67089e03555373f6251c817955f2a8033faf6e37096003b3a9761df783807c82
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.src.rpm SHA-256: 5e8f4ba78ba31dbd631c5bd82750b1383c1b89a54be4e7682710a354c8d4e73a
openshift-kuryr-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.src.rpm SHA-256: 80eee1f9712725b47c7095905909e5bea1e87ea8f433690322fc1e3b1ffec17b
ppc64le
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.ppc64le.rpm SHA-256: 603be7bb6a55e8f4eba80168327242e09112fa6882cb4fa2f7fd2b5ed3f3224f
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.ppc64le.rpm SHA-256: 8824af122a5dbe0a11546ebd2d826008eb245150e49d69f1ead93ec5fffb1451
cri-o-debuginfo-1.19.5-3.rhaos4.6.git91f8458.el8.ppc64le.rpm SHA-256: 307a6268b0675ecbb6d4d11a7b6605492e04c1af0268322d9a12f88cd7a84c56
cri-o-debugsource-1.19.5-3.rhaos4.6.git91f8458.el8.ppc64le.rpm SHA-256: a5e38dd23d58bcbd4f64f6333e980185e69261208a42b29a1ccdd3c25847537a
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.ppc64le.rpm SHA-256: 3cb2609aeaadb73155b715e55e25d40fb09dbb61adcf44b7d386ba6fb53113ed
openshift-hyperkube-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.ppc64le.rpm SHA-256: 1576090fd8d90e33e694f4b136f9b78a3d8aa98ffce9d548c2bfb06116547f75
openshift-kuryr-cni-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 327b713923f7acf4679eed80fecd32e876d1ae86b374a5bf0fbc94247e55e92f
openshift-kuryr-common-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 7119d7c8629dbcbd6a10baecd4a8c1edb28b3e33490bd2276a443c25ff7335f8
openshift-kuryr-controller-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: e9990d2e04e1c6f8265c1c0bc49c936399587e9ebbb2e9e1a437bc51e44909aa
python3-kuryr-kubernetes-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: b09c0c142922ed8f21500199f0af0057a30f5d221a82da80f2244e3b37ff933a

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8

SRPM
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.src.rpm SHA-256: 063c0098e54fea4d0e9b78b61d69e42b41249bc67e2cb1ea46f4b5e9aee1272c
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.src.rpm SHA-256: cc994dbd889fb56434cafbf6ccb6e74587ef3aa3786d95a039db4e8f507680bf
openshift-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.src.rpm SHA-256: 67089e03555373f6251c817955f2a8033faf6e37096003b3a9761df783807c82
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.src.rpm SHA-256: 5e8f4ba78ba31dbd631c5bd82750b1383c1b89a54be4e7682710a354c8d4e73a
openshift-kuryr-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.src.rpm SHA-256: 80eee1f9712725b47c7095905909e5bea1e87ea8f433690322fc1e3b1ffec17b
s390x
atomic-openshift-service-idler-4.6.0-202202251050.p0.g39cfc66.assembly.stream.el8.s390x.rpm SHA-256: ba5e5d3c041586431567554a4732ab2ccfdfcf88a966faf7e276cd1a1628b271
cri-o-1.19.5-3.rhaos4.6.git91f8458.el8.s390x.rpm SHA-256: 2595b4f21ca9f874a87cc6ee18126be3e5c1a133ee85d7dad6f73ded8d472df5
cri-o-debuginfo-1.19.5-3.rhaos4.6.git91f8458.el8.s390x.rpm SHA-256: 54c5ea591e2805fdc320a503c04bbc69b6cc73e633068af8d597ae7fdeda590f
cri-o-debugsource-1.19.5-3.rhaos4.6.git91f8458.el8.s390x.rpm SHA-256: 8b22baa00f55b435687e7032b7f414ab229dc7d649d08b6fe563c89c6a7b86d4
openshift-clients-4.6.0-202203011423.p0.gb153f08.assembly.stream.el8.s390x.rpm SHA-256: 3214be9d20b8171e56bcfb97db8d323726abd75d0a8b16c6fa8f3b833bedd7a9
openshift-hyperkube-4.6.0-202203110946.p0.g6175753.assembly.stream.el8.s390x.rpm SHA-256: 86c20f35b19032573f26afa5e32625d9ba4195a718de8bb3c501b45ad4d71586
openshift-kuryr-cni-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 327b713923f7acf4679eed80fecd32e876d1ae86b374a5bf0fbc94247e55e92f
openshift-kuryr-common-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: 7119d7c8629dbcbd6a10baecd4a8c1edb28b3e33490bd2276a443c25ff7335f8
openshift-kuryr-controller-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: e9990d2e04e1c6f8265c1c0bc49c936399587e9ebbb2e9e1a437bc51e44909aa
python3-kuryr-kubernetes-4.6.0-202202251050.p0.g74cd766.assembly.stream.el8.noarch.rpm SHA-256: b09c0c142922ed8f21500199f0af0057a30f5d221a82da80f2244e3b37ff933a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.