Red Hat Product Errata RHSA-2022:0927 - Security Advisory
Issued:
2022-03-21
Updated:
2022-03-21

RHSA-2022:0927 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.10.5 packages and security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.10.5 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.5. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:0982

Security Fix(es):

  • golang: net/http: limit growth of header canonicalization cache

(CVE-2021-44716)

  • golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.10 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
  • BZ - 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error

Red Hat OpenShift Container Platform 4.10 for RHEL 8

SRPM
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.src.rpm SHA-256: f1ca58802a752d08edaa36a06ff13936e73751e8cb17dc6ac4fd28e807a4ef5a
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.src.rpm SHA-256: b023f0e69fbb277433d5d96f907e2822a455c83daf448f812b946d5a08ac47d9
runc-1.1.0-2.rhaos4.10.el8.src.rpm SHA-256: 3f8a22dd1a33113b70ea671997e18163502e84955e6dce9375bef8225dee2706
x86_64
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.x86_64.rpm SHA-256: 0fdca87b8f437580003769d3d38a714069549577c3ff4868ffda5ad888a5e978
containernetworking-plugins-debuginfo-0.9.1-2.rhaos4.10.el8.x86_64.rpm SHA-256: 3459471431126119db6f6ebba3235747d53e91080a1bb050b1852cc56d8d8589
containernetworking-plugins-debugsource-0.9.1-2.rhaos4.10.el8.x86_64.rpm SHA-256: c3f9a9e77f69de9de9eb02c19bad6b0465a8bb3f2a41fbeb8c6e99b65d5f1de5
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.x86_64.rpm SHA-256: 881921ff677f2e9c2aea756a68d668dbdced84d593b9a3778688fa5719801f53
openshift-clients-redistributable-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.x86_64.rpm SHA-256: 7671b52451ec93a0ef397ecd464ea343650da49efe1070230db9721a65f51162
runc-1.1.0-2.rhaos4.10.el8.x86_64.rpm SHA-256: b1783ca2d1b8a4cf102f0e7988c531198aa6a77ca44a848025e47365e9326214
runc-debuginfo-1.1.0-2.rhaos4.10.el8.x86_64.rpm SHA-256: 454ebea052d40df918441efed0f72b572d066d05b4c34b29419640ca6bf389b3
runc-debugsource-1.1.0-2.rhaos4.10.el8.x86_64.rpm SHA-256: 7652cc9614788e1c9578002d8cebf4182b74865e2223ab9610b59c5e9dab1792

Red Hat OpenShift Container Platform 4.10 for RHEL 7

SRPM
openshift-ansible-4.10.0-202203112237.p0.g7ca0181.assembly.stream.el7.src.rpm SHA-256: fa3a0a75d6115e316932248f45364038869a6e88fc28765831e81408de4194ad
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el7.src.rpm SHA-256: 0b60a4a440fac5ef511b73087d9e8054b0915f469b84811f835a30e5b7d43782
x86_64
openshift-ansible-4.10.0-202203112237.p0.g7ca0181.assembly.stream.el7.noarch.rpm SHA-256: b6acc982caac8da26cdde921f05c8b2309d05d715eaffb6afacd1809e1344e4a
openshift-ansible-test-4.10.0-202203112237.p0.g7ca0181.assembly.stream.el7.noarch.rpm SHA-256: f79e2271f01200e3d1c099d55ac27eb1ecad9f7df0006ae076a86665623b2d73
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el7.x86_64.rpm SHA-256: 2722ae95075be6df4379fcce3ba077fc3a81691c2bf372f5aeca6283a5b9ee14
openshift-clients-redistributable-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el7.x86_64.rpm SHA-256: a685e6385c74c7b497dd8a36d2e6ff8ab63656e37586deded98bd54962a2c9df

Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8

SRPM
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.src.rpm SHA-256: f1ca58802a752d08edaa36a06ff13936e73751e8cb17dc6ac4fd28e807a4ef5a
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.src.rpm SHA-256: b023f0e69fbb277433d5d96f907e2822a455c83daf448f812b946d5a08ac47d9
runc-1.1.0-2.rhaos4.10.el8.src.rpm SHA-256: 3f8a22dd1a33113b70ea671997e18163502e84955e6dce9375bef8225dee2706
ppc64le
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.ppc64le.rpm SHA-256: eb6baf8d04becaea400c79a8d46b54733fd5f8ea217bd82f63a641c0d7940d19
containernetworking-plugins-debuginfo-0.9.1-2.rhaos4.10.el8.ppc64le.rpm SHA-256: 94bf0c7bc215d3a3b1980100a769c91bd88a26ff0292dcdc1b5f51229232ae6c
containernetworking-plugins-debugsource-0.9.1-2.rhaos4.10.el8.ppc64le.rpm SHA-256: f57142480deca0c33698a50f9c25d0e1409731b17dbaa13c4cf5a0a135ef7078
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.ppc64le.rpm SHA-256: 1f87b10c41efc57abb51c4a3e6e7815344a3c9cbbee1f583f6dfecc7b10644c3
runc-1.1.0-2.rhaos4.10.el8.ppc64le.rpm SHA-256: ca6cb19a56e55bb0ad989ac6b8e2a6f0b8133e52ffc3dd485b52347c9d065b79
runc-debuginfo-1.1.0-2.rhaos4.10.el8.ppc64le.rpm SHA-256: 337da4b9ae0c4a2f5d4892270a7af8d5a533aa87151940f948beb5caccd02b70
runc-debugsource-1.1.0-2.rhaos4.10.el8.ppc64le.rpm SHA-256: 1d2f1bf480a8f13af0a2df4c170b17464fe7049ea0310509961c6993937a509f

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8

SRPM
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.src.rpm SHA-256: f1ca58802a752d08edaa36a06ff13936e73751e8cb17dc6ac4fd28e807a4ef5a
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.src.rpm SHA-256: b023f0e69fbb277433d5d96f907e2822a455c83daf448f812b946d5a08ac47d9
runc-1.1.0-2.rhaos4.10.el8.src.rpm SHA-256: 3f8a22dd1a33113b70ea671997e18163502e84955e6dce9375bef8225dee2706
s390x
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.s390x.rpm SHA-256: ab22790207d1aa67e49fb7d311ca7ab57964eff63fb9247e33549ffd1414a189
containernetworking-plugins-debuginfo-0.9.1-2.rhaos4.10.el8.s390x.rpm SHA-256: 3449a7c1b60b0c118922b424fbea7eac629741dbbbcfc850eb0fd69741054453
containernetworking-plugins-debugsource-0.9.1-2.rhaos4.10.el8.s390x.rpm SHA-256: 42fdc70a2c4827a450cb192d469938ca696a1ebb1753eee7c78859b060a54e7b
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.s390x.rpm SHA-256: df9b883407bff0f747d55b2c9d476d8b0e174a9c168ffd1a6ab9c74c41e4da88
runc-1.1.0-2.rhaos4.10.el8.s390x.rpm SHA-256: 850e96bc5695e033227dcd15c168a67e6a44ee54b351d027296262d0078cf084
runc-debuginfo-1.1.0-2.rhaos4.10.el8.s390x.rpm SHA-256: 8b09dfa17b9e1a25f0ca2182062bea171b7d66f0232c94c86621a9bcde4c9136
runc-debugsource-1.1.0-2.rhaos4.10.el8.s390x.rpm SHA-256: da1cbf7d0a50f1d75335a60529f253004c63a2e04b6d3748ab7fa722cfc08acd

Red Hat OpenShift Container Platform for ARM 64 4.10

SRPM
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.src.rpm SHA-256: f1ca58802a752d08edaa36a06ff13936e73751e8cb17dc6ac4fd28e807a4ef5a
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.src.rpm SHA-256: b023f0e69fbb277433d5d96f907e2822a455c83daf448f812b946d5a08ac47d9
runc-1.1.0-2.rhaos4.10.el8.src.rpm SHA-256: 3f8a22dd1a33113b70ea671997e18163502e84955e6dce9375bef8225dee2706
aarch64
containernetworking-plugins-0.9.1-2.rhaos4.10.el8.aarch64.rpm SHA-256: 9a13e1cc0f4d555bf4ee296350b0c362644468bc6db5461878cfd8ace5062f16
containernetworking-plugins-debuginfo-0.9.1-2.rhaos4.10.el8.aarch64.rpm SHA-256: 99bc0022c9171ece1e95aefd07cbc55f8ce1649e52039cbed544f0cddfa6b73d
containernetworking-plugins-debugsource-0.9.1-2.rhaos4.10.el8.aarch64.rpm SHA-256: 5ac37ec747ac0b979929a71cbd349ffc42c1e6a6f2ca0b0d4f0c2fbf4ac1425e
openshift-clients-4.10.0-202203141248.p0.g6db43e2.assembly.stream.el8.aarch64.rpm SHA-256: 1d6ce6610474029a2fb55c24f69de6616f188329b8abf1459737a04dae17547d
runc-1.1.0-2.rhaos4.10.el8.aarch64.rpm SHA-256: d002f331caeb68e3afc6aa31b541b9711ad9cb74e4dac4436f225848ce597eae
runc-debuginfo-1.1.0-2.rhaos4.10.el8.aarch64.rpm SHA-256: 11e536a28e15cdeaac19a1c8e9f08eecc9fae13bdb3d6ed2dc17633b81f73859
runc-debugsource-1.1.0-2.rhaos4.10.el8.aarch64.rpm SHA-256: 75bb3528527cfe6fd65ed06697db0dbc6439e4550e7d0121a765a29229de674d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.