Red Hat Product Errata RHSA-2023:2014 - Security Advisory
Issued: 2023-05-02
Updated: 2023-05-02

Synopsis

Moderate: OpenShift Container Platform 4.11.39 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.11.39 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premises or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.39. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:2013

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

  • prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)
The image digest is sha256:3545730c2018e0b092d6132b31068e517cbe99b99c52c54f2a9afad61e051e3d

(For s390x architecture)
The image digest is sha256:03a6e7affe6f462dba408fbb63fe0454932fbbbc712366b2fab73ac2ba4c49db

(For ppc64le architecture)
The image digest is sha256:bf2531fff7f8de59465e33bb01f93b2630cf89938df2dfe2a1485068ba3ded77

(For aarch64 architecture)
The image digest is sha256:32a38600810014118be599f2e50062c82fc68c60e06add25c57fec1da23aa1ab

Affected Products

  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64

Fixes

  • BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • OCPBUGS-11969 - Console Route is re-generated using appsDomain and not cluster domain
  • OCPBUGS-12243 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail
  • OCPBUGS-2844 - [OKD/nanokube] Different NPE when using console with a nanokube cluster
  • OCPBUGS-6687 - Do not show notification switch for the alert rule which have no alerts associated
  • OCPBUGS-8000 - openshift-ingress-operator is failing to update router-certs because "Too long: must have at most 1048576 bytes" message

CVEs

  • CVE-2022-21698

References

  • https://access.redhat.com/security/updates/classification/#moderate

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
