Issued:
2022-06-14
Updated:
2022-06-14

RHSA-2022:4972 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.9.38 packages and security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.9.38 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.9.38. See the following advisory for the container images for
this release:

https://access.redhat.com/errata/RHBA-2022:4973

Security Fix(es):

  • cri-o: memory exhaustion on the node when access to the kube api

(CVE-2022-1708)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.9 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.9 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.9 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.9 aarch64

Fixes

  • BZ - 2085361 - CVE-2022-1708 cri-o: memory exhaustion on the node when access to the kube api

Red Hat OpenShift Container Platform 4.9 for RHEL 8

SRPM
conmon-2.0.29-3.rhaos4.9.el8.src.rpm SHA-256: c700c39eab907389652d9974681e48299856ff199f9b77aadadff834c3ccfc53
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.src.rpm SHA-256: d22e79308816bec13e6bd38747f445a87016581eaff56ce56c77375bf3556911
x86_64
conmon-2.0.29-3.rhaos4.9.el8.x86_64.rpm SHA-256: 9b2cbf963ba78f1d51803958c85b2e23b98fdea8d9ba45d51c29dba843b0773d
conmon-debuginfo-2.0.29-3.rhaos4.9.el8.x86_64.rpm SHA-256: 0e984446f7ce07d810aab62facd1e141a12c9daa6032fe6a662dea4a3927af1b
conmon-debugsource-2.0.29-3.rhaos4.9.el8.x86_64.rpm SHA-256: cdbefdc4b3adff4a9f116600eef0d62cbd72c3c588793be27f58bb064e9bbb05
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.x86_64.rpm SHA-256: 0c8084055bf87cc168402f676b0e661d401b4ad757e3db7fc597dd6410dd512e
cri-o-debuginfo-1.22.5-3.rhaos4.9.gitb6d3a87.el8.x86_64.rpm SHA-256: d327061a5a2d54bf2db8e80a988b7e2ff7f74db2595ad805ff99dbe22b0e8dec
cri-o-debugsource-1.22.5-3.rhaos4.9.gitb6d3a87.el8.x86_64.rpm SHA-256: 802d45a12263835802b5cf500813ae9d6cf2a0c5691de88c7e2db51c5b2a757e

Red Hat OpenShift Container Platform 4.9 for RHEL 7

SRPM
conmon-2.0.29-3.rhaos4.9.el7.src.rpm SHA-256: edad9c6a19f854eb4533d7cc4628e8da7c7e6b3fee0946904a89af14c4c25ee3
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el7.src.rpm SHA-256: 562dca34df92bf5a6033a14d3aa6a3558c60be40579ebe20a9cf71d95235ec56
x86_64
conmon-2.0.29-3.rhaos4.9.el7.x86_64.rpm SHA-256: 954034a208b5907841988d83a80fded5ca0d5dd380be917979e8bfa818011fb0
conmon-debuginfo-2.0.29-3.rhaos4.9.el7.x86_64.rpm SHA-256: 0286bb5dccf11e977bbd9650994ae346234e8c79b1b74732c433d06d6cf9e6a2
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el7.x86_64.rpm SHA-256: 429ac685edd00db0fdd195871ce9e1cb34d2d56e7206c4834386a4d923ffb531
cri-o-debuginfo-1.22.5-3.rhaos4.9.gitb6d3a87.el7.x86_64.rpm SHA-256: a7f7b6eb1e96ff173305ea70b2e02aae9322dca76ce847ba0ca54e8b93c3223a

Red Hat OpenShift Container Platform for Power 4.9 for RHEL 8

SRPM
conmon-2.0.29-3.rhaos4.9.el8.src.rpm SHA-256: c700c39eab907389652d9974681e48299856ff199f9b77aadadff834c3ccfc53
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.src.rpm SHA-256: d22e79308816bec13e6bd38747f445a87016581eaff56ce56c77375bf3556911
ppc64le
conmon-2.0.29-3.rhaos4.9.el8.ppc64le.rpm SHA-256: 4538e6b4c5c386f0ca5ac20a62523b4cfca3e42119a4e5d1d7760dbc751d376a
conmon-debuginfo-2.0.29-3.rhaos4.9.el8.ppc64le.rpm SHA-256: ba955a4563aba99e838ddd9446cb0572ce4e6566c738755c07fdca07ae8351da
conmon-debugsource-2.0.29-3.rhaos4.9.el8.ppc64le.rpm SHA-256: 9c75c31a0395ee7befe4b4e1c58b9079ee93721b115d7d0521925b4a5db81d2d
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.ppc64le.rpm SHA-256: 9bd6d2207c3db9d0fa82da8b80ca296c0f18d2fe83220c4b9c887458dbf5dd1b
cri-o-debuginfo-1.22.5-3.rhaos4.9.gitb6d3a87.el8.ppc64le.rpm SHA-256: 31dd1942fd8f65a89856821f3eb46397857ec52021089cbacfe32ebb19c53d20
cri-o-debugsource-1.22.5-3.rhaos4.9.gitb6d3a87.el8.ppc64le.rpm SHA-256: 21eca076808270b24231a8095132ed573535885f0fca9b618bca16c0bce68285

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.9 for RHEL 8

SRPM
conmon-2.0.29-3.rhaos4.9.el8.src.rpm SHA-256: c700c39eab907389652d9974681e48299856ff199f9b77aadadff834c3ccfc53
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.src.rpm SHA-256: d22e79308816bec13e6bd38747f445a87016581eaff56ce56c77375bf3556911
s390x
conmon-2.0.29-3.rhaos4.9.el8.s390x.rpm SHA-256: 34efc63e223aa6e590b7b46257d30b812f97de2ca44b4f6bda2602bc2ad61654
conmon-debuginfo-2.0.29-3.rhaos4.9.el8.s390x.rpm SHA-256: 797c513f20fcfa73804479c6528117a97adc13f8e04b82daf87fbbc4d9983762
conmon-debugsource-2.0.29-3.rhaos4.9.el8.s390x.rpm SHA-256: b5b36b0070d592db78c611f78cf7bd23f5b9f2deef9904ca313d5d3a394985d0
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.s390x.rpm SHA-256: d9c63319eca18105ca7efbb90c2fbf9f872d2cc00822b8b0c5eab7509d22f3c0
cri-o-debuginfo-1.22.5-3.rhaos4.9.gitb6d3a87.el8.s390x.rpm SHA-256: 624ab9fc2477e1733025124a32732015dcb0299f5a436698db63ac915493ff9a
cri-o-debugsource-1.22.5-3.rhaos4.9.gitb6d3a87.el8.s390x.rpm SHA-256: de9cf39296c681efc12a8b71165389fdf513eb735841a4d478f8fd63af89a560

Red Hat OpenShift Container Platform for ARM 64 4.9

SRPM
conmon-2.0.29-3.rhaos4.9.el8.src.rpm SHA-256: c700c39eab907389652d9974681e48299856ff199f9b77aadadff834c3ccfc53
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.src.rpm SHA-256: d22e79308816bec13e6bd38747f445a87016581eaff56ce56c77375bf3556911
aarch64
conmon-2.0.29-3.rhaos4.9.el8.aarch64.rpm SHA-256: b451ac2d1c66e4a3a20d1bb345ef76e4ef8c73511ff6c3b9ecf59a3231f09527
conmon-debuginfo-2.0.29-3.rhaos4.9.el8.aarch64.rpm SHA-256: 668a32576825b4fb7f4d754d7c10e6694baf9ec28eb1259c8c1e6529ec397f36
conmon-debugsource-2.0.29-3.rhaos4.9.el8.aarch64.rpm SHA-256: 6bcfef91fbb03cffb2e5ea4bf4b0ba4bb07ffa231434fd96478629055cc8b4ce
cri-o-1.22.5-3.rhaos4.9.gitb6d3a87.el8.aarch64.rpm SHA-256: 637189af16a0a4866a20be2022b49e72a7ec65ad7c31e8d40d703095d1c77968
cri-o-debuginfo-1.22.5-3.rhaos4.9.gitb6d3a87.el8.aarch64.rpm SHA-256: 1d5999fae8989f95e1967a35c636e55bb966dea73cae2fe1a7306e1f35356c7b
cri-o-debugsource-1.22.5-3.rhaos4.9.gitb6d3a87.el8.aarch64.rpm SHA-256: f353b55a61c90342ec5df5e954e19926567655e001677af27050d6b5ed71ec07

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.