RHSA-2023:2029 - Security Advisory

Topic

An updated Security Profiles Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog.

Description

The OpenShift Security Profiles Operator v0.7.0 is now available. See the documentation for bug fix information:

https://docs.openshift.com/container-platform/4.12/security/security_profiles_operator/spo-release-notes.html

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to:

https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

• Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
• Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.9 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
• Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64

Fixes

• BZ - 2170844 - CVE-2023-0475 go-getter: go-getter vulnerable to denial of service via malicious compressed archive
• BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
• OCPBUGS-10045 - The spod pods crash with rhel9 os due to "error parsing semanage configuration file"
• OCPBUGS-12879 - selinux: Allow using other container-selinux policy templates than container

CVEs

• CVE-2023-0475
• CVE-2023-25173

References

• https://access.redhat.com/security/updates/classification/#moderate