Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:3287 - Security Advisory
Issued:
2023-05-31
Updated:
2023-05-31

RHSA-2023:3287 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: OpenShift Container Platform 4.12.19 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.12.19 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:3286

Security Fix(es):

  • dns: Denial of Service (DoS) (CVE-2018-17419)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:41fd42cc8b9f86fc86cc8763dcf27e976299ff632a336d393b8e643bd8a5f967

(For s390x architecture)
The image digest is sha256:13666e036043e0d2283890259861a8b8132e6afc818973a2f8bab28d9947cd94

(For ppc64le architecture)
The image digest is sha256:00b61dd3ae8d8da28eb7a5385eb1c7f200efa73023e44b1c220a7d041ca1bad1

(For aarch64 architecture)
The image digest is sha256:3d73e42724be8f53f8511df17ef900225305226d37397ffde3385cbc6c55a132

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

  • BZ - 2188523 - CVE-2018-17419 dns: Denial of Service (DoS)
  • OCPBUGS-10275 - [4.12] Lazily unmount /proc/cmdline
  • OCPBUGS-12787 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
  • OCPBUGS-13530 - Root device hints should accept by-path device alias
  • OCPBUGS-13599 - OSD clusters' Ingress health checks & routes fail after swapping application router between public and private
  • OCPBUGS-13719 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
  • OCPBUGS-13739 - Failed to create STS resources on AWS GovCloud regions using ccoctl
  • OCPBUGS-13743 - [4.12] container_network* metrics fail to report
  • OCPBUGS-13750 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository
  • OCPBUGS-13757 - The MCD has a non-functional pivot command that should be deprecated
  • OCPBUGS-13760 - Yum Config Manager Not Found
  • OCPBUGS-13821 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.12)
  • OCPBUGS-6848 - Service name search ability while creating the Route from console
  • OCPBUGS-7439 - Egress service does not handle invalid nodeSelectors correctly
  • OCPBUGS-7619 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
  • OCPBUGS-7924 - Developer - Topology : 'Filter by resource' drop-down i18n misses

CVEs

  • CVE-2018-17419
  • CVE-2022-25147
  • CVE-2023-25652
  • CVE-2023-25815
  • CVE-2023-29007

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

aarch64

openshift4/driver-toolkit-rhel8@sha256:5fa3537e9a3e6d6e24567faeca0159a7d66ecf43d1ed42575d4ce214d1408444
openshift4/network-tools-rhel8@sha256:222734de7fa3f5f05ffe52a5f768e2ed5f777b8b98d1c4e6d6e4a2eb26db3228
openshift4/ose-agent-installer-node-agent-rhel8@sha256:8d61d9e735404c2c89b900e74788bd9a6266ccd1d212c28466d13ceb7e837ccf
openshift4/ose-baremetal-rhel8-operator@sha256:61106eadd60b76fe1f8b8a701c3ef552439e8548313a1966ba54e4dd3f2c012a
openshift4/ose-cloud-credential-operator@sha256:200b3fe70359f82698e3206949cfb89677bc45caaa039bfd931cf899fddcc480
openshift4/ose-cluster-node-tuning-operator@sha256:3ed552879211e0e5195dcaff39f4208808e889471b74c11de5e73adad0d3cafa
openshift4/ose-cluster-storage-operator@sha256:222fa39abd2cf68693ad22e47718b3792aa33389429f97cc6b25c37c4f1c1b8d
openshift4/ose-console@sha256:5c95fd3aa8e329c7461bce80782ce4c3e8fa28d370b09ebd3acc1b5ba37ef88d
openshift4/ose-console-operator@sha256:3af3b89e2a8c77af49dad041a48bcac28d79941456903e0a872b27a0b16b06d2
openshift4/ose-csi-livenessprobe-rhel8@sha256:0ce7e4869cd8a8389c5de0556a75c487b74b0135113cb51976eb5f3e82f8bf23
openshift4/ose-csi-livenessprobe@sha256:0ce7e4869cd8a8389c5de0556a75c487b74b0135113cb51976eb5f3e82f8bf23
openshift4/ose-docker-builder@sha256:82c55d7e3bf54e3f14d86283a00722018836ef24bfa62cae76f1b6bb587febb6
openshift4/ose-hypershift-rhel8@sha256:dee0e84b35a79aaca6b59bbb6a8e6b70276601d96a9fefe6a221b7606f4b6f1a
openshift4/ose-ironic-rhel9@sha256:b5f2a53f84877b28b2b1f8ba3151ff2ab9f1dc93c17cedc49bf6e9ec588d7c5b
openshift4/ose-kube-proxy@sha256:5a707252ce27573f4bb470d5e2d4bc869c4f87f7e2ae8881fb9fd90fd0708b0a
openshift4/ose-machine-config-operator@sha256:5aadccb6a4b322da5e56efdc206f3dca1ed91a7045df81bb6db5956abceda99b
openshift4/ose-ovn-kubernetes@sha256:8d8e424d9db3ea98fb7fee96acbc520cc253ecb9e812d6c295b4d183c0088c87
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:5ff2110b1f09f187ae186d14f2db91691e40e0452b6a966ee635acd7f4492640
openshift4/ose-sdn-rhel8@sha256:9be96bf62816ac5b04a1e119579b409c1aad25ba3a6943e6664234d6d4547a42
openshift4/ose-tests@sha256:0fc9266a5cc735b3d3bff191b50c84380e93fc6e9f3feee823b4898f4bee7bc2
openshift4/ose-tools-rhel8@sha256:6ba485ca7d5a652f2f6e27c0163d55f22e7a61f0d8a2870f39daa07435c6d6c3

ppc64le

openshift4/driver-toolkit-rhel8@sha256:a13de971e0ba038eb719284c54363083ba4698968dfd813d2fb313eb25a7d4e8
openshift4/network-tools-rhel8@sha256:765f6f2218e07d77bd43c7f2b4d5e3c3e163b2de6f8b157d3e871ac6b1e945aa
openshift4/ose-agent-installer-node-agent-rhel8@sha256:d6f42b96be3870ecbb649cd9cffa520b020fa54d355b2d2a6cbb31736cb90a98
openshift4/ose-baremetal-rhel8-operator@sha256:aacc7590ea3d3af9e641d6844585ef8bf3922c08a1fd8a638b7f9bbb327347b8
openshift4/ose-cloud-credential-operator@sha256:581bfb29847aa9e10a74a3bec6ee8e16a1c45fc63258c527ae20ea6a30da10fa
openshift4/ose-cluster-node-tuning-operator@sha256:39cd459114207a561e80fc19605797cb7c2141febe86a66b799b17a42ccd8b0c
openshift4/ose-cluster-storage-operator@sha256:c9f434f6a42842955acecb9413b3eea40235d604e3e46037a65fb07b9aad27dd
openshift4/ose-console@sha256:f394b33afcb7e4b997b757d52f5010b1cc0e7b32eab80ea83a06d95d358c6c22
openshift4/ose-console-operator@sha256:009891cd53f05a978356a21700cd7acb95f23181579aad2544066d1c9759bd68
openshift4/ose-csi-livenessprobe-rhel8@sha256:d3665648ae2377db1dc7e5b03540b8349184f81480adea3e583db38dc9b6d48c
openshift4/ose-csi-livenessprobe@sha256:d3665648ae2377db1dc7e5b03540b8349184f81480adea3e583db38dc9b6d48c
openshift4/ose-docker-builder@sha256:63204a43a6c920f2b95f419dd14d6115e3e4360cb256f81490fe9ff34a7a4d2d
openshift4/ose-hypershift-rhel8@sha256:40164090a9b7189aea2b7ad8651cc6a3f93acb426eb5967533e3a31da5f40034
openshift4/ose-kube-proxy@sha256:f7564f00bfc6d879383373beabda901ad08726c14bcee96c3d77eb1f1977505f
openshift4/ose-kuryr-cni-rhel8@sha256:c22b5db0bf401c0d73a22d6f43e1c5a859d4d68e771b34c65a0be0f9ddf60e3a
openshift4/ose-kuryr-controller-rhel8@sha256:e9e4935de3377a659007b25f62d5a2685749b000f3475bb506228be65f687320
openshift4/ose-machine-config-operator@sha256:f8bf78a3013f387658a8f227b32b4b7e3eee52f821c45ff7d25274913c6a7929
openshift4/ose-ovn-kubernetes@sha256:c62cb4c4cd34e5c8ed5a0bc43b4701cf71e418ee7062f84a87ccbe6c65a16b75
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:6ee090731b3698fa3ccb7b97cbaeb4716ee78d9aa9b2ab665cf145e2c334573c
openshift4/ose-sdn-rhel8@sha256:5c7e3702ac3c52d32e34253b0262c28c223570d82f3c28fbb998c2d25247720c
openshift4/ose-tests@sha256:12dec5cb15396f8c7135384c41768f37c925d0d97d2919c2661e9d903d18a9c1
openshift4/ose-tools-rhel8@sha256:6d13d7ff7526ece3dad6664519a83b855234364ec251aec0102e3ecd5e38568a

s390x

openshift4/driver-toolkit-rhel8@sha256:052ff26099d12eeefb091886fb025b36134c5a71cd67b21623a2ee1a7093193f
openshift4/network-tools-rhel8@sha256:a4345c7406f634a92336c5f0250144bb1e9eb002fb42c9d9b236c38c33be3b58
openshift4/ose-agent-installer-node-agent-rhel8@sha256:606c52e072f84cda327e09422f162df5d048649e7b14b809cd4a4c39b56102fd
openshift4/ose-baremetal-rhel8-operator@sha256:799571d70aaec06b9c705d281a635ad299dd7d771b9fa439a36aac9536aa503a
openshift4/ose-cloud-credential-operator@sha256:2ee027a0c5335da2d34fe85a5ba841f086769731be732b4532c6d8d59682fbd6
openshift4/ose-cluster-node-tuning-operator@sha256:0d5ded10f510225678c8e0b38c6fc9fc7722d1ebb260414fcea517a38be5bf7a
openshift4/ose-cluster-storage-operator@sha256:ff373ddb37ca3fac8f43c25e83974839e9492325e7dca9cdf473cc85e410082d
openshift4/ose-console@sha256:5cb1d5a5b872ec9d0eaca36e19859d6c794a054aee25b49d1d69bed1427fd24c
openshift4/ose-console-operator@sha256:418b4ad76460f091a180bf92f61cb24ee9e26552eb13fa81a166100c05b8449d
openshift4/ose-csi-livenessprobe-rhel8@sha256:8223b530fa2172e70d5a0ea7f76124899be6731a7910b7f447ac758089d11cf5
openshift4/ose-csi-livenessprobe@sha256:8223b530fa2172e70d5a0ea7f76124899be6731a7910b7f447ac758089d11cf5
openshift4/ose-docker-builder@sha256:adb80d0341af630910b6ca987800ba2539420372e0f0553a3eb9eda2f013ac82
openshift4/ose-hypershift-rhel8@sha256:e86c6176c79873ebd3ec711d4d7d100b4034c5738264b2d9c1e326cebb5da0f6
openshift4/ose-kube-proxy@sha256:16bf3d439fdeb943f83ac86db546bea4ad20a915a5293f4c63293c759d1c6f49
openshift4/ose-machine-config-operator@sha256:6afc3e6f038732a86fec5c44a2cae864439d6d696143e42297527bf9b9cb9693
openshift4/ose-ovn-kubernetes@sha256:bbbcdd0aad2e42941b6da774f65615044f5b5b5d349adce139a2028b2e89e4ee
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:f3d1250dc01666e723f03740b9545c8bc5b80f473d8986f2bc86842ce4bae185
openshift4/ose-sdn-rhel8@sha256:4f5497c7c95a2ff20dbc912bd9f4813813448f8d13c04f2bb74a2d2c09f20592
openshift4/ose-tests@sha256:a8667c96ee427fb393a10e4d138b3a464f7992a5506116a2c79cc965b2cce18c
openshift4/ose-tools-rhel8@sha256:de2395ffd4878d89ba1fb9581fcd52dec80e2c22b0ba1418668455ef5acaba99

x86_64

openshift4/driver-toolkit-rhel8@sha256:c3f8f489ce56ec03064a552bf4e85c9dab6c35b3c9f29c301e33c9ac8be03bf6
openshift4/network-tools-rhel8@sha256:395685c02c01238b0683bb5c701b40a2cf29d7a85ff17bd9760e9fe297fef708
openshift4/ose-agent-installer-node-agent-rhel8@sha256:7797f95c15da8c6f81c3d7664c329238cb0b5fdbdffb74d18ea03511f2feb3c4
openshift4/ose-baremetal-rhel8-operator@sha256:9cd216db0ce0517609c8c55d1f88b0edd1f6837db2b1ead283bd5bc530283aa6
openshift4/ose-cloud-credential-operator@sha256:61e97ce98c720c9891b284c2e3da95a1e9fba7fb564401bd1043e4129b603642
openshift4/ose-cluster-node-tuning-operator@sha256:20929cd82fb9165e2b4a176c3482da263494bb7c7371a16eba56d18f65543a99
openshift4/ose-cluster-storage-operator@sha256:503cc9d2880e43d4c211a887cc5c67f1cd481c2553048aad74d4454e263a49e7
openshift4/ose-console@sha256:d454863f1b68396af203246b4dc134c002c9e016ca857c15d676dba9fd184344
openshift4/ose-console-operator@sha256:504e6defb83f904eacd995b31aa4f960c3f35457e5bc3ff5cd629088063470c6
openshift4/ose-csi-livenessprobe-rhel8@sha256:145cb33e66f03b94980a24f1f5578a53c7392c51e14659f535ecac5999f78158
openshift4/ose-csi-livenessprobe@sha256:145cb33e66f03b94980a24f1f5578a53c7392c51e14659f535ecac5999f78158
openshift4/ose-docker-builder@sha256:26bb6d2e7ec8f3e969ecb03c1cea5c41d61d3d99363f330fde114c6482628a72
openshift4/ose-hypershift-rhel8@sha256:403e2d84df04695842ea40bbfaf084489713eb5eb62c3ad092fa54d9e709617b
openshift4/ose-ironic-rhel9@sha256:dcae3fd16f67dc12ded846550c0ba4f5775a52b323d0c82776fb4b415563d665
openshift4/ose-kube-proxy@sha256:15a2943de9fa23cec31348fd4ead1c6d14f265ed2a5c9b238c6f98a389b7ef46
openshift4/ose-kuryr-cni-rhel8@sha256:c5af2a2eb1ab62b5ee00abb4c8a8f0eb7c381753eb81e4782a5e1d3afa4cd68c
openshift4/ose-kuryr-controller-rhel8@sha256:af1809e49d3fce19d1053f92415632293be93267e0de2a9323e75be0511121df
openshift4/ose-machine-config-operator@sha256:7b1bb1ae2f16ce686b25009856d2ac5a4ddb3412be8a6cba6ab43908455639e3
openshift4/ose-ovn-kubernetes@sha256:fffdf0d2a27c9792db9a677aee9cbb3883c39f89771f644ef4c4d057ab9bcd67
openshift4/ose-ovn-kubernetes-microshift-rhel8@sha256:4c81687486ef0e3df1e4f893db43c20aece615544db222a08e67a07b31d1b3d8
openshift4/ose-sdn-rhel8@sha256:e6a26dc5e2f134836f5acf208dbbfd3cce13e284dd83637860eee7db2be4a889
openshift4/ose-tests@sha256:e59a417d59b8b59d4950e89eececef878e585ea00789bdf734bf95a299d3fe7b
openshift4/ose-tools-rhel8@sha256:b56d222c6c74d385d1886e8569fc01603c35eb27d7e5b5e0a85faf9c703d9166

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility