Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:3216 - Security Advisory
Issued:
2023-05-24
Updated:
2023-05-24

RHSA-2023:3216 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: OpenShift Container Platform 4.10.60 packages and security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.10.60 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.10.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2023:3217

Security Fix(es):

  • cri-o: incorrect handling of the supplementary groups (CVE-2022-2995)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64

Fixes

  • BZ - 2121632 - CVE-2022-2995 cri-o: incorrect handling of the supplementary groups

CVEs

  • CVE-2022-2995

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenShift Container Platform 4.10 for RHEL 8

SRPM
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b
jenkins-2.387.3.1684251986-1.el8.src.rpm SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75
openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be
x86_64
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm SHA-256: dbda9dfa0e12b964d3ba763964cd60bb50aabd15060fa04139c9f3a4af398758
cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm SHA-256: ef218912bab2c4c55f6978185a792fb2e176ccc54d05ab6625644f1b31d8ac6d
cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.x86_64.rpm SHA-256: 359d4baeeaef1ffd78edd206e9e510908168094dc7ce5eb77ea49a19e4f5eefa
jenkins-2.387.3.1684251986-1.el8.noarch.rpm SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933
openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad
openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb
openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d
python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform 4.10 for RHEL 7

SRPM
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el7.src.rpm SHA-256: c58e25bf69fbabf925958989b325f449091a79512f28c451bfa0dd7ce58e4dc1
x86_64
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el7.x86_64.rpm SHA-256: fb428bb45e232f4675cc14e88f3abf7e04fd5587659e033c71d4dd2a9dbac293
cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el7.x86_64.rpm SHA-256: c76a52df1ea2de7cd1d5213500f46863cb19a65911461735edd5ac75950a338c

Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8

SRPM
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b
jenkins-2.387.3.1684251986-1.el8.src.rpm SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75
openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be
ppc64le
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm SHA-256: 9f098c21ecadcf0e30388ef6018d1e85dd6c2a2e25955395037515930639d29e
cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm SHA-256: e5f56c87de6c8c4d829e7fefa18592c7c01b5968df666325516ddfde47359f17
cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.ppc64le.rpm SHA-256: 1c80a7a3f461ad18d5fcedf749602ffa27db2b16f05904c163e0ae35ac161df5
jenkins-2.387.3.1684251986-1.el8.noarch.rpm SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933
openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad
openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb
openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d
python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8

SRPM
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b
jenkins-2.387.3.1684251986-1.el8.src.rpm SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75
openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be
s390x
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm SHA-256: 2e5ce1e37721b116dfa1f590f93e761256bf6abf82c8e394cadb4e65ae9cb770
cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm SHA-256: 560c2453f46cbb216d614663b127f40d00f96e5259f997576f002f879f24c1f1
cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.s390x.rpm SHA-256: 3636a41704b23b1332563f3a143951dbfba307ecf78fd5a8bd2011a32dfbed77
jenkins-2.387.3.1684251986-1.el8.noarch.rpm SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933
openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad
openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb
openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d
python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

Red Hat OpenShift Container Platform for ARM 64 4.10

SRPM
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.src.rpm SHA-256: 060c4db3c1691a23081bb5af418d5cf54da454939464a1c64c69c50661f1cd6b
jenkins-2.387.3.1684251986-1.el8.src.rpm SHA-256: 852adeda3e33233e447ca80d41c5c22bc208960ba493f1ed5c3ca0b42f86bb75
openshift-kuryr-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.src.rpm SHA-256: 9b57ec27b5b5e0740b5ebb4b5e45c2d848165b7d044aed11b1dcf600870976be
aarch64
cri-o-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm SHA-256: eae4398b4d781fa8cc80858682711f020803cfe3d14cca276f22b3563c4f6e98
cri-o-debuginfo-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm SHA-256: 672ae458879a844f06352b5eab7b952562aedebe6f6c765bf755abdea87a60e3
cri-o-debugsource-1.23.5-11.rhaos4.10.gitfc32aac.el8.aarch64.rpm SHA-256: b9ddbe3b1d654a66c006a84a4897510ec2ea514ebe1b25d74fd1a09d0d989ae2
jenkins-2.387.3.1684251986-1.el8.noarch.rpm SHA-256: a077ff60155f4a6023b1b736121a893769d803197590758d25a4d170ebad5933
openshift-kuryr-cni-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 2fde3ca203a0ec959a657645b6e8d851022f829790618bff8a71985c167a30ad
openshift-kuryr-common-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: deef3d2d938643596fc9fa3b6058105387dcc00933c7ab00e3135739a2c89eeb
openshift-kuryr-controller-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: eb398bdd3b120d10b9d2739426dc3e0a1788cc7cf39156a10d206432f0a7c50d
python3-kuryr-kubernetes-4.10.0-202305161315.p0.g8e4df8b.assembly.stream.el8.noarch.rpm SHA-256: 50f36862c465ffd598bab856d981dab501f077c486495c9bfb1846593c0bae02

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility