Red Hat Product Errata RHSA-2023:1327 - Security Advisory
Issued: 2023-05-17
Updated: 2023-05-17

RHSA-2023:1327 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.13.0 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:1326

Security Fix(es):

  • golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [LSO]Error message about "ErrorFindingMatchingDisk" is not clear for cr localvolume when no volume attached to worker (BZ#2053505)

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64

Fixes

  • BZ - 2053505 - [LSO]Error message about "ErrorFindingMatchingDisk" is not clear for cr localvolume when no volume attached to worker
  • BZ - 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
  • OCPBUGS-3057 - SR-IOV | Connectivity doesn't work with iPv6+static mac on top of i40e driver
  • OCPBUGS-3624 - End2End tests fail due to lack of Pod Security Admission
  • OCPBUGS-3671 - Update image version to 4.12 in cluster-nfd-operator github repo config/manifests/bases/nfd.clusterserviceversion.yaml
  • OCPBUGS-3679 - NFD cluster-nfd-operator make image support for arm64 deployment from github repo needs Dockerfile updates
  • OCPBUGS-3682 - Allow multiple NFD CR in the cluster
  • OCPBUGS-3683 - Allow multiple NFD CR in the cluster
  • OCPBUGS-3689 - NFD does not properly detect AMD processors
  • OCPBUGS-3707 - NFD operator default namespace openshift-nfd needs specific pod security labels added for OCP 4.12
  • OCPBUGS-3745 - Replace deprecated go get in Makefile
  • OCPBUGS-3747 - Changing kustomize version
  • OCPBUGS-3815 - Update skipper configuration in NFD operator
  • OCPBUGS-3838 - Adding local ARM compilation/build configuration
  • OCPBUGS-3906 - Fix bundle for release-4.12
  • OCPBUGS-396 - LSO should warn that diskmaker can't run because of taints
  • OCPBUGS-4066 - fix operator naming convention
  • OCPBUGS-4346 - fix operator naming convention
  • OCPBUGS-4462 - fix incorrect format of old skipRange
  • OCPBUGS-4722 - update sriov csv to 4.13 from 4.12
  • OCPBUGS-5178 - BF2 is not converted to nic mode after applied converting machineConfig
  • OCPBUGS-5293 - Current State api call for os-clock-state creates nil pointer-Dual Nic
  • OCPBUGS-5377 - Multiple times switching slave port to fault causes the port state to remain in HOLDOVER
  • OCPBUGS-5822 - NFD topologyupdater functionality missing on OCP 4.12 when deploying NFD from bundle
  • OCPBUGS-6184 - Update 4.13 sriov-network-device-plugin image to be consistent with ART
  • OCPBUGS-701 - SR-IOV VFs may get reset after being allocated by other pods
  • OCPBUGS-7826 - Multi node http service support not working for consumer
  • OCPBUGS-7856 - [4.13] ovnkube pod crashed after enable ovs hardware offload in baremetal cluster
  • OCPBUGS-10381 - [4.13] vDPA vf cannot be created
  • OCPBUGS-10729 - NodeFeatureDiscovery CR Status is not populated/updated anymore
  • OCPBUGS-10782 - Fixing the release manifests directory to point to stable
  • OCPBUGS-10702 - Fixing Topology DS pods startup
  • OCPBUGS-10896 - CNF Upstream MultiNetworkPolicy SR-IOV integration backport 4.13
  • OCPBUGS-11065 - Pod annotation key k8s.v1.cni.cncf.io/networks-status is changed

CVEs

  • CVE-2022-2990
  • CVE-2022-3259
  • CVE-2022-41717
  • CVE-2022-41723
  • CVE-2022-41724
  • CVE-2022-41725
  • CVE-2023-0056
  • CVE-2023-0229
  • CVE-2023-0778
  • CVE-2023-25577
  • CVE-2023-25725

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
