Issued:
2022-03-22
Updated:
2022-03-22

RHSA-2022:0870 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.7.45 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.7.45. is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.45. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0873

Security Fix(es):

  • CRI-O: Arbitrary code execution in cri-o via abusing

“kernel.core_pattern” kernel parameter (CVE-2022-0811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

  • BZ - 2059475 - CVE-2022-0811 CRI-O: Arbitrary code execution in cri-o via abusing “kernel.core_pattern” kernel parameter
  • BZ - 2064013 - Placeholder bug for OCP 4.7.0 rpm release

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.src.rpm SHA-256: bb0bdd27039e23e54bff4afb805bfb412f999780f159513c45cd1cbd4270f28b
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.src.rpm SHA-256: afeb7728aeabd61dd7010f48530dff8471f4a131b094cd5788e4679bca6a7fbd
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.src.rpm SHA-256: f9396ced40c1cd6f7af1d3b0436326e4ada425a3d32d6968e79cbb78ce40a952
x86_64
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm SHA-256: 03b7ed82978f5c45a30d24b96be05d708cf537dc9fd323638f80008a00bd0978
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm SHA-256: 3b98ef9e7d7a8412d2aeb1cb5eabc2be401973385a8a5257c637c72660e7b3c0
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.x86_64.rpm SHA-256: eb32cf933ffa6b5142bd6fb20c6c04674ed900a74e370ffed73291b869fb66fe
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.x86_64.rpm SHA-256: d25c7b4639c2200780214ba9db94ba4c05cce266fe2ed56019d36eaf965b67cb
openshift-clients-redistributable-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.x86_64.rpm SHA-256: 2096a56f6bb397cc59741a9ae1556cecd37739abe28a4676a46e97fa3c4a7e6b
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.x86_64.rpm SHA-256: a424079b648c02a43308c6ac431af4764ceb0a7ffad60456411056190856410e

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el7.src.rpm SHA-256: a2f82d7c75950fdc115a88b69bb32202c0f6f613371dce28f92a76e5a32061eb
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el7.src.rpm SHA-256: a38cdba86d17028ca80cb5ea888542ceb679acee160e65c82779ed3e328c9ec0
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.src.rpm SHA-256: 227c2893c78c480c8b468a1792f0207795372751ab530c8dea9cce7292aef78d
x86_64
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el7.x86_64.rpm SHA-256: 692fcb6def6d53fa24415019f212edad308bbfaa44fb997bba248e09a3ebd11c
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el7.x86_64.rpm SHA-256: 13872442c4e97dbafd2c3df1089967b4f4f64a572947020621cefe4d25a56b43
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.x86_64.rpm SHA-256: 95d6ad721575273561336e3ea4b0034b7c679adee785fd343d315f19e1cf6013
openshift-clients-redistributable-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el7.x86_64.rpm SHA-256: a9df01461c229c4836acc7aded59ba1403d4c52d07a4a92568ec7387cf0cf66f
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el7.x86_64.rpm SHA-256: 9a371fc58e02240078e26b51d53018c3d173cc5418d8970017b8da6ab36feeed

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.src.rpm SHA-256: bb0bdd27039e23e54bff4afb805bfb412f999780f159513c45cd1cbd4270f28b
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.src.rpm SHA-256: afeb7728aeabd61dd7010f48530dff8471f4a131b094cd5788e4679bca6a7fbd
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.src.rpm SHA-256: f9396ced40c1cd6f7af1d3b0436326e4ada425a3d32d6968e79cbb78ce40a952
ppc64le
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm SHA-256: 4cbabad880f04e39348c0dc01169951538ed626da160dde047fae68a15a453f9
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm SHA-256: 7d63563756a6f9c91bfeea44871b6d1dbabe2fa336fa8ec945897eb823b5e7b9
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.ppc64le.rpm SHA-256: 95724944db7bf1a671a75928e6392477d9d47f1b061055cf3bc95f72d93eaa7e
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.ppc64le.rpm SHA-256: 6912082a7ef22fd742bd26fb6caf5255f39a273a4ddaf5adfa1e0ac267f8cd87
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.ppc64le.rpm SHA-256: 620a9b8c2f9516fbd228a202aeb2197f7f63e3dfd02d7f7d8014d17261b5d731

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.src.rpm SHA-256: bb0bdd27039e23e54bff4afb805bfb412f999780f159513c45cd1cbd4270f28b
openshift-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.src.rpm SHA-256: afeb7728aeabd61dd7010f48530dff8471f4a131b094cd5788e4679bca6a7fbd
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.src.rpm SHA-256: f9396ced40c1cd6f7af1d3b0436326e4ada425a3d32d6968e79cbb78ce40a952
s390x
cri-o-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm SHA-256: dc457e64f96cc3769926b1c42e975b81a9385368dc4c73b10d6484adde0b50fc
cri-o-debuginfo-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm SHA-256: 9e0e44b1977133d871bad8bb8c147fb3c910cfab951ae0ffbf3a1c631421d83b
cri-o-debugsource-1.20.6-11.rhaos4.7.git76ea3d0.el8.s390x.rpm SHA-256: ed5189dfcd7b93add3cff5e3c2f8347259b02f0e0292af333059474bcd6928d3
openshift-clients-4.7.0-202202231953.p0.gc4ebc7a.assembly.stream.el8.s390x.rpm SHA-256: 55117ee8541699b93394816e262575dedc92a2cc608e2b321905cb0ecfacef33
openshift-hyperkube-4.7.0-202203091647.p0.g0d60930.assembly.stream.el8.s390x.rpm SHA-256: 1906abe5121cf9e69e8fbf56bf486c2ddc85df65d272e8bbd8184e79057f7480

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.