Red Hat Product Errata RHSA-2023:1030 - Security Advisory

Issued:: 2023-03-07
Updated:: 2023-03-07

RHSA-2023:1030 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: OpenShift Container Platform 4.11.30 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.11.30 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.30. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:1029

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Solution

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)
The image digest is sha256:8230ca19fea80ef02f255a9f92688aa2639f68739a2b69114bf9af06080f9edc

(For s390x architecture)
The image digest is sha256: 7fe1ffe6514c1eceeaacb49ea2319a1489b0a3d9a30cdd6fc39ab7cf3c94ce1c

(For ppc64le architecture)
The image digest is sha256:aae8c6ea3512a3bd625c1c7add0ff98d08d1ad1df30b6ecf367fb80bf3169051

(For aarch64 architecture)
The image digest is sha256:182556f517d6a488cab03468cc1f7d977f46628ec9106465fea36ce2ae358b4d

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64

Fixes

BZ - 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests
OCPBUGS-6834 - [release-4.11] Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics
OCPBUGS-7174 - [OVN] DHCP timeouts on Azure arm64, install fails
OCPBUGS-7494 - Broken secret created while starting a Pipeline
OCPBUGS-7526 - [4.11] Add new regions for ROSA
OCPBUGS-7530 - [4.11] Bootimage bump tracker
OCPBUGS-7814 - [release-4.11] [AWS EFS] NFS mount disconnects and becomes unavailable.
OCPBUGS-7851 - Placeholder bug for OCP 4.11.0 rpm release

CVEs

CVE-2022-41717

References

aarch64

openshift4/driver-toolkit-rhel8@sha256:92a2321c500156cd3fc7b5bf410bd1220684a3aaad2e34ea910061c442e168df

openshift4/network-tools-rhel8@sha256:fcb03bcd25b9b7021342b328afcf3e2d13348ab7ab9076e551eacca9e8816c49

openshift4/ose-baremetal-installer-rhel8@sha256:57b11dc5480274fb95581026020f68c4e9194bf23b4f6920acf86b6cb1b5e2d4

openshift4/ose-cluster-kube-apiserver-operator@sha256:258bd32a210378e63ef771d66ae49423e1788d315eb2b0f2b1cf7d3b8d51b338

openshift4/ose-cluster-kube-controller-manager-operator@sha256:640576e95ce4d5a6ef60d72246ef41e2f63e2f8010b6c170f5959461d99e232d

openshift4/ose-cluster-kube-scheduler-operator@sha256:467950d5f74bde1583335f31bc9ce968b63559c749a12c580a6d33f594006691

openshift4/ose-cluster-network-operator@sha256:fe55239a80eea076d1db27d7bc28a2e027958c18cbcd7414b7d8519a7b90b5b6

openshift4/ose-cluster-node-tuning-operator@sha256:837d7fa2b7c77a3428f9347ba1bee94f94425eb577cfd1f1918c375ad50c0c5c

openshift4/ose-console@sha256:edc2c209b599cffcdf347e7df90b9ede6fd75b0b843a80fd64f08cfe1e07b0be

openshift4/ose-insights-rhel8-operator@sha256:b9eb3dc272caf9c5c71487bf014112e59f093a71d2ee5aa384328be6e7040133

openshift4/ose-installer@sha256:c302272b1de606c6bee54fe1682d311ead48d4c4cef7069e0b218d870afb1060

openshift4/ose-installer-artifacts@sha256:6d4dea20aa8d37d17a21eaee18186e39dc9edf1b93b5a891f48cca5bb9506362

openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:07ca4c9d778c01766dcce2d135e5e059eeb14ea4311120feb8a99d71bef9f7e6

openshift4/ose-machine-os-images-rhel8@sha256:2542939060bca980aef8f85995946f8fc2cda41b66a7a559be64e2fdc7e8f8e9

openshift4/ose-tests@sha256:3909367f08f59c3c535fadb9dab8ae63c22b4c3db7a996dd7a7f3f323b3cb2a9

openshift4/ose-tools-rhel8@sha256:7277d4b05b2da0c7dcc66ddbc8807cec62c960228192d64fca6873bb49d29d9b

ppc64le

openshift4/driver-toolkit-rhel8@sha256:82ab392c7578d69c4e3d0d9822e9e8f09268e4f1a4803036dc920723429970b7

openshift4/network-tools-rhel8@sha256:939c0901911f3abd371d68aa0f5ce66a197fc8f77a9f5ee311a198cae4668183

openshift4/ose-baremetal-installer-rhel8@sha256:1b79570e6aa014de95db624256cff0d59cc37e0f39ac1da2db4a0030b16b1956

openshift4/ose-cluster-kube-apiserver-operator@sha256:e2225657d998872ba7ec0870520e9c294e3b7a108b7c41546abeaea3edafdfe7

openshift4/ose-cluster-kube-controller-manager-operator@sha256:8410edaee7ad1d694d6eb444fb5afef6aab9264185b0df6b958869f86b21a521

openshift4/ose-cluster-kube-scheduler-operator@sha256:df94d41284dbc4a1ba8beb9d2a85cec13e76919c77d5d035354ae168dd559662

openshift4/ose-cluster-network-operator@sha256:b5beadbe32fa7ec270d445fcff892998b11665dff99aae7de40c925a9e3f5db2

openshift4/ose-cluster-node-tuning-operator@sha256:7e1d8f9efe82d700a7bffe5363b7543b3735d53ceac8ce8676325b24c9c09865

openshift4/ose-console@sha256:54d1023ea3d4dec2b28d3f6fb008c416206fc24618facc2ea0a52f38096f1652

openshift4/ose-csi-driver-manila-rhel8-operator@sha256:0595285fea2b486c96458aec1b600c3e1cd3a205acd40a537cbe21f0264a98a4

openshift4/ose-insights-rhel8-operator@sha256:b1ab1ec02034423ee022d5e6be039c5c130bf2477b1195165afcd57a8c9dd33b

openshift4/ose-installer@sha256:cdf74651299093513ce2f5160df611c6fc58acc64828526ccf28162acf7e12f9

openshift4/ose-installer-artifacts@sha256:bf141059c21d5aa62b357376690350ca5657e0661655a83551a42cfd6879f1a8

openshift4/ose-tests@sha256:e229fe446d8d10452347bc3526bef35928c3e511307c0b0855a7a034ba76e186

openshift4/ose-tools-rhel8@sha256:bf2d7a2e1f16e06d57fad1a8d053990c206faff7c3dcf9f7a519cc9a80634357

s390x

openshift4/driver-toolkit-rhel8@sha256:b4fbe80c845a7c193db8ccbf9c4d37b793ceaac92e02468249ccd7591cd42c1c

openshift4/network-tools-rhel8@sha256:d4b88c6ea0fb265b2671c8147ba8310910027b5293e63d5ace4526b60cce19ea

openshift4/ose-baremetal-installer-rhel8@sha256:9214544b1dc658aeb7cf08b46aff9360ec2d1b81de7bc62a3b98c10b90b9386e

openshift4/ose-cluster-kube-apiserver-operator@sha256:78b07d1da142bd21f4755bfd188963c0310933a3ac12de3e03027d7f473a914d

openshift4/ose-cluster-kube-controller-manager-operator@sha256:e2807854795015cc544c1530c3f0d595e28d1d2fd164f638095ea27e35395b5d

openshift4/ose-cluster-kube-scheduler-operator@sha256:4265c2a39d96625870cb96d55fdb658b2ef614973b8a17d1789d4a896b932a69

openshift4/ose-cluster-network-operator@sha256:126ef8b405e1948d7f48ce2f9d3969ca392313baa4a90444c327d221c9a11812

openshift4/ose-cluster-node-tuning-operator@sha256:67d0ce68a4d2ff1fbedfe14f6fad7835dcc6ab99bb47d9a91148c9bc2b3b1e67

openshift4/ose-console@sha256:ca7b6ee8a55534fe16ac639b9d06cff32e43c77610a879c190aa78846cf33fda

openshift4/ose-insights-rhel8-operator@sha256:f8b79eadf6b917496ad72a29f20b74f08791b848363d0fb66915a0cdbdc64083

openshift4/ose-installer@sha256:b03a8143326290e095214d4be36b9e945bc226d4dc7a3b9307232b16113aec74

openshift4/ose-installer-artifacts@sha256:8bd9808b0b6982b0acbeeb42a16c90323708d8d1acc666467e073798c63e95ea

openshift4/ose-tests@sha256:c7f039ce53d80fbf62b505d053a7512544c951ee899d96cb45185a6c6047dcb8

openshift4/ose-tools-rhel8@sha256:d4ff067dc09a15b9af900aa0f9bea2e3df58f913657ca12adeaee52198713c41

x86_64

openshift4/driver-toolkit-rhel8@sha256:397bdb1550d3d620376760449a14147266e87a5486a85e1381b10052daa0b392

openshift4/network-tools-rhel8@sha256:9c8ee198f2f8ea9fb39c0cd52979565dcd92b0216cafdbc6d27650a13f669e77

openshift4/ose-baremetal-installer-rhel8@sha256:d40cf9d3c31d89fd03725440a0cfac82eb4d68ef7fb6eb17f4c46c947588028f

openshift4/ose-cluster-kube-apiserver-operator@sha256:315b607b99f55bbf5f5ea96982fa971fa7e7c200440b5c10baa6c79911c54139

openshift4/ose-cluster-kube-controller-manager-operator@sha256:d3869ca3f7e129f36e27cfeff9718c08c62b79cde95c1b4066965a5d2048c8d9

openshift4/ose-cluster-kube-scheduler-operator@sha256:4aa821d5b5bb020c8c0c91e94ed62c193d68cbeb7fc1e7f04278935ba7af0eeb

openshift4/ose-cluster-network-operator@sha256:94c162577fa2fe2be23b275c50bf9a2b9d11840edea185006906423a3dc01cb4

openshift4/ose-cluster-node-tuning-operator@sha256:e0f239a8183b7d2ae6f7282f107a495da4cf59119b5e45c47df9e10a99c60b5c

openshift4/ose-console@sha256:27f522ae8d8cf2dc05d4f9d8818090b083fe5a24f7612a237a126dc8a21aaa94

openshift4/ose-csi-driver-manila-rhel8-operator@sha256:1b4fd460c184dc932737d1ecd2ac589d19a17951bfee26feaf197397da2c8376

openshift4/ose-insights-rhel8-operator@sha256:1cf16833b16d44a235a99bf0a4feb24cdd25d9461c0f0bbd3dfb905fab4e392a

openshift4/ose-installer@sha256:85326d60688393aff99b84f4b34ef54ceea1771990458ac71cb4d05310c1dc76

openshift4/ose-installer-artifacts@sha256:91f09a1cf525590c6d7ce1ad2e22c2adda2b949edfd75175be8ca7839605df0d

openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:6168ca5853f5af977f2421bc256f2982738cee6a6576971effb1339d1b089c62

openshift4/ose-machine-os-images-rhel8@sha256:fd888682e172f09965ad7ce5c52a77d3d0d0224d95d76f65a8ad921db2251038

openshift4/ose-tests@sha256:71da0acad0568a1220c23a10125ff3bbefdbeebd7db5a9b7ba258a7f8dc92b2d

openshift4/ose-tools-rhel8@sha256:bc050f0ad7f96d9f9151010129e62ef40bc6f7eb17a58b6c3881c2ced9dcf209

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation