- Issued: 2022-10-19
- Updated: 2022-10-19
RHSA-2022:7058 - Security Advisory
Synopsis
Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
OpenShift sandboxed containers 1.3.1 is now available.
Description
OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.
This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix.
Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:
Solution
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html
Affected Products
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
- BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- BZ - 2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor
- KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]
- KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]
- KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator
- KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.