Red Hat Product Errata RHSA-2022:6535 - Security Advisory
Issued:
2022-09-20
Updated:
2022-09-20

RHSA-2022:6535 - Security Advisory

Synopsis

Low: OpenShift Container Platform 4.11.5 packages and security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.11.5 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2022:6536

Security Fix(es):

  • golang: crypto/tls: session tickets lack random ticket_age_add

(CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.11 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64

Fixes

  • BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add

Red Hat OpenShift Container Platform 4.11 for RHEL 8

SRPM
cri-tools-1.24.2-6.el8.src.rpm SHA-256: 9b3ceab15807f7048679dcb3589ae395d78939439a222a68eaa852781e2c2a9c
openshift-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.src.rpm SHA-256: 44e03a635526ce0002fb680bd8e3df44e4d6322d28450f1cedc955a51e3f3340
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.src.rpm SHA-256: 283f430e33b1ebe7d69356da3f164a6ad5588627657c7f49a0d6527449312faa
python-sushy-4.1.2-0.20220908165021.1ae8e49.el8.src.rpm SHA-256: 4529e42b0c6affbef7c9b72de1cfaf03bc41d146738405ac5db92b2ef6d4c717
x86_64
cri-tools-1.24.2-6.el8.x86_64.rpm SHA-256: 4ff87de728526419f6e9d1814727f69e2660b408aca276048437fecd89297129
cri-tools-debuginfo-1.24.2-6.el8.x86_64.rpm SHA-256: 0ff6cb7e4fac4a4ba23f19e944ec261bebb6320a3b1e4f72f8650f2822d371b1
cri-tools-debugsource-1.24.2-6.el8.x86_64.rpm SHA-256: f76b58112744e0ac9500f4c56215eb6f458b52f99817524b033d916e87940f6f
openshift-hyperkube-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.x86_64.rpm SHA-256: 787f7d4acfacc2f54531a020a1e8bad7ba7e1d5c83e1f226065fe55325dc29cb
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: d9ee12c4412673acce66b4e21e1c928127e5f26f6c9678686f2780038db9a72c
openstack-ironic-api-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 8c3f97ecfa0002f94e6b63e7ac707f26f307bcd038f278550fcaad571da4ef1e
openstack-ironic-common-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 9d111143f04c284fcfdde8faf39d885cfd8ccdcb764e2633325c0ecc275137a1
openstack-ironic-conductor-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: c41c06c931dbeb4f6331fbeaca395324ccf186195cbbe2ed585e4dfc8bd19700
openstack-ironic-dnsmasq-tftp-server-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: ef3843b15dd1cab2a2c658598d5287805b653f8f54438c8a623e97110c78dc7a
python3-ironic-tests-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 480c1f28edb379f0eff08ee7874a331fd4e58328ee1da5c2efb8c2bf53ed181b
python3-sushy-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: f485753a5fa8bdbd0e25d82f867286d70abcd94bdc6b325bcca3863c78705226
python3-sushy-tests-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: 43323973d92d33496fe6b86afde4d23620bc908ebad1df2786c18ab396e5dc0c

Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8

SRPM
cri-tools-1.24.2-6.el8.src.rpm SHA-256: 9b3ceab15807f7048679dcb3589ae395d78939439a222a68eaa852781e2c2a9c
openshift-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.src.rpm SHA-256: 44e03a635526ce0002fb680bd8e3df44e4d6322d28450f1cedc955a51e3f3340
ppc64le
cri-tools-1.24.2-6.el8.ppc64le.rpm SHA-256: 6b7c36f72bb9abf6f54a31ff18cd94ddf167f8f9464f4ff9eeca81c85af0d782
cri-tools-debuginfo-1.24.2-6.el8.ppc64le.rpm SHA-256: fb0917418cdae49d091e8bf35008ffe345eccdb38c238d4193eb98ad907d8909
cri-tools-debugsource-1.24.2-6.el8.ppc64le.rpm SHA-256: 1190411b876d267f0002f50719b1afb4745a354a8b5067d4c24f36ef28801fdd
openshift-hyperkube-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.ppc64le.rpm SHA-256: 2a8ae9ef06530e28a60a0f101934f28d743c4c82e7a12c0ada771b8996c8e539
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: d9ee12c4412673acce66b4e21e1c928127e5f26f6c9678686f2780038db9a72c
openstack-ironic-api-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 8c3f97ecfa0002f94e6b63e7ac707f26f307bcd038f278550fcaad571da4ef1e
openstack-ironic-common-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 9d111143f04c284fcfdde8faf39d885cfd8ccdcb764e2633325c0ecc275137a1
openstack-ironic-conductor-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: c41c06c931dbeb4f6331fbeaca395324ccf186195cbbe2ed585e4dfc8bd19700
openstack-ironic-dnsmasq-tftp-server-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: ef3843b15dd1cab2a2c658598d5287805b653f8f54438c8a623e97110c78dc7a
python3-ironic-tests-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 480c1f28edb379f0eff08ee7874a331fd4e58328ee1da5c2efb8c2bf53ed181b
python3-sushy-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: f485753a5fa8bdbd0e25d82f867286d70abcd94bdc6b325bcca3863c78705226
python3-sushy-tests-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: 43323973d92d33496fe6b86afde4d23620bc908ebad1df2786c18ab396e5dc0c

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8

SRPM
cri-tools-1.24.2-6.el8.src.rpm SHA-256: 9b3ceab15807f7048679dcb3589ae395d78939439a222a68eaa852781e2c2a9c
openshift-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.src.rpm SHA-256: 44e03a635526ce0002fb680bd8e3df44e4d6322d28450f1cedc955a51e3f3340
s390x
cri-tools-1.24.2-6.el8.s390x.rpm SHA-256: fe516fccee13107a4a2fe1f4f1fa8251b1f47bc9d2bb0984d08eb17593880532
cri-tools-debuginfo-1.24.2-6.el8.s390x.rpm SHA-256: a8145eed60f4cc40cf2f062f747909accf5c56114246125aa7951b3d172da8c9
cri-tools-debugsource-1.24.2-6.el8.s390x.rpm SHA-256: 95ceb9c1a7d472e16d907af2359c10f5eaf75195cd9b087359c2d999d7c95c91
openshift-hyperkube-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.s390x.rpm SHA-256: 60b686357e70df4abb09d2dacaf631d2e24addc8f4655455bce006e505ae1c98
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: d9ee12c4412673acce66b4e21e1c928127e5f26f6c9678686f2780038db9a72c
openstack-ironic-api-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 8c3f97ecfa0002f94e6b63e7ac707f26f307bcd038f278550fcaad571da4ef1e
openstack-ironic-common-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 9d111143f04c284fcfdde8faf39d885cfd8ccdcb764e2633325c0ecc275137a1
openstack-ironic-conductor-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: c41c06c931dbeb4f6331fbeaca395324ccf186195cbbe2ed585e4dfc8bd19700
openstack-ironic-dnsmasq-tftp-server-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: ef3843b15dd1cab2a2c658598d5287805b653f8f54438c8a623e97110c78dc7a
python3-ironic-tests-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 480c1f28edb379f0eff08ee7874a331fd4e58328ee1da5c2efb8c2bf53ed181b
python3-sushy-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: f485753a5fa8bdbd0e25d82f867286d70abcd94bdc6b325bcca3863c78705226
python3-sushy-tests-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: 43323973d92d33496fe6b86afde4d23620bc908ebad1df2786c18ab396e5dc0c

Red Hat OpenShift Container Platform for ARM 64 4.11

SRPM
cri-tools-1.24.2-6.el8.src.rpm SHA-256: 9b3ceab15807f7048679dcb3589ae395d78939439a222a68eaa852781e2c2a9c
openshift-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.src.rpm SHA-256: 44e03a635526ce0002fb680bd8e3df44e4d6322d28450f1cedc955a51e3f3340
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.src.rpm SHA-256: 283f430e33b1ebe7d69356da3f164a6ad5588627657c7f49a0d6527449312faa
python-sushy-4.1.2-0.20220908165021.1ae8e49.el8.src.rpm SHA-256: 4529e42b0c6affbef7c9b72de1cfaf03bc41d146738405ac5db92b2ef6d4c717
aarch64
cri-tools-1.24.2-6.el8.aarch64.rpm SHA-256: 68c8f8964025f1602dba0c89ea8a039713aa03a85457a9a5b5e6344ce5547d3c
cri-tools-debuginfo-1.24.2-6.el8.aarch64.rpm SHA-256: 32fd50790f50485312f1a4b179ac9a898111110a1e36d419720b6f4a80a5b4b8
cri-tools-debugsource-1.24.2-6.el8.aarch64.rpm SHA-256: 0ebd06a9a534c4cd6df11a9abd64e44a440f39750fd9e450f3576e1f119bbb45
openshift-hyperkube-4.11.0-202209131648.p0.g3882f8f.assembly.stream.el8.aarch64.rpm SHA-256: a92f3ebc2de5543d0608ecfb63cc4fd4f9041c30aee0a74e0b104839324214ff
openstack-ironic-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: d9ee12c4412673acce66b4e21e1c928127e5f26f6c9678686f2780038db9a72c
openstack-ironic-api-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 8c3f97ecfa0002f94e6b63e7ac707f26f307bcd038f278550fcaad571da4ef1e
openstack-ironic-common-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 9d111143f04c284fcfdde8faf39d885cfd8ccdcb764e2633325c0ecc275137a1
openstack-ironic-conductor-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: c41c06c931dbeb4f6331fbeaca395324ccf186195cbbe2ed585e4dfc8bd19700
openstack-ironic-dnsmasq-tftp-server-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: ef3843b15dd1cab2a2c658598d5287805b653f8f54438c8a623e97110c78dc7a
python3-ironic-tests-20.2.1-0.20220902195023.ab80152.el8.noarch.rpm SHA-256: 480c1f28edb379f0eff08ee7874a331fd4e58328ee1da5c2efb8c2bf53ed181b
python3-sushy-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: f485753a5fa8bdbd0e25d82f867286d70abcd94bdc6b325bcca3863c78705226
python3-sushy-tests-4.1.2-0.20220908165021.1ae8e49.el8.noarch.rpm SHA-256: 43323973d92d33496fe6b86afde4d23620bc908ebad1df2786c18ab396e5dc0c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.