Red Hat Product Errata RHSA-2023:3305 - Security Advisory
Issued:
2023-05-30
Updated:
2023-05-30

RHSA-2023:3305 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.13.1 security and extras update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.13.1 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3304

Security Fix(es):

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64

Fixes

  • BZ - 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
  • OCPBUGS-13284 - [GCP] worker node with Sriov operator installed fails to come up online after reboot

aarch64

openshift4/frr-rhel8@sha256:80cdffccb419b65d5532b9ffdeea12d6cb6672e7ae44be5243f27c771f5eed08
openshift4/kubernetes-nmstate-rhel8-operator@sha256:79260e1b649a2ea8cd0376a89e2e1206fe6ebe4b5ea4b5151f07ced06ae22153
openshift4/metallb-rhel8-operator@sha256:54705785f43f8f9718d41acec5ed879ffcdc9335b1971a0e376dd7a2c8113af3
openshift4/ose-ansible-operator@sha256:8f7476bc09b15b6ab891b50bba6df1c264dc1b19b4900c3cee5fe9647259fa34
openshift4/ose-cluster-kube-descheduler-operator@sha256:25ac733fbdb3419f121b2e5a30a99cb012e03fb3f7df64bbdcb32ac8a97dcad3
openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:25ac733fbdb3419f121b2e5a30a99cb012e03fb3f7df64bbdcb32ac8a97dcad3
openshift4/ose-egress-dns-proxy@sha256:7d587bdc58526a29b3beaffc682ffca18d1a52eebcd0e5497bd728f10e7e1f87
openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:7af5c9aff562faf17c4ab1e302d1d1d7da193cff85c59e61ed00f454346be3d5
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:6a2e6e1f06ae18dc23c5d6be4cd8219f376b16a33fce0c8d125c4941b4a76ae2
openshift4/ose-operator-sdk-rhel8@sha256:df6ba42e4ab0fbf45aedff1f4faa6e1aeb752560da24ebea322a4d0457c01c6a
openshift4/ose-ptp@sha256:5571045bd648e19e6331469d33e7a4b4f491eef2372adf866393d94ce113b2d7
openshift4/ose-ptp-operator@sha256:40342c0fc75f91d11da3cd5f3ca917692f534266379e18bf98ea9f8327e963a9
openshift4/ose-sriov-network-config-daemon@sha256:fde68d6aaf9d57229dc2e584e92074619f60672b608c70b8f734fd4f1d725dc4
openshift4/ose-sriov-network-operator@sha256:ce2a5799cbb178efe4097a5b1cbd3aab56b3762b72513bc8e764207e4201f116
openshift4/ose-sriov-network-webhook@sha256:f8f811eabb82dd79365e6bc020f12295a306cee3025c6cc6473be08e73528c3c
openshift4/ptp-must-gather-rhel8@sha256:6d0e6c88c9a668fd479a20d7e3ed08d017d0b9d4437718dc210dc7f3742f97cb

ppc64le

openshift4/frr-rhel8@sha256:fcf44a95569c639994af83f6e41ff095dff7d0146323b72306c9b20f81975b07
openshift4/kubernetes-nmstate-rhel8-operator@sha256:ff65d291d162474790220c66e4a8b81741937ef8d59ac830d5cbd1ef35ed74be
openshift4/metallb-rhel8-operator@sha256:cf11fb2446d8c8522397773d9a5c7901d6a162cc52507b5dc5345fb5c7c9cac6
openshift4/ose-ansible-operator@sha256:45cc2a7fbc5490761c39da214856a1a760257497d89befdd8dd44f7333e3620e
openshift4/ose-cluster-kube-descheduler-operator@sha256:aab3aab5ad246959da87d2f594c04388320431d0eb4d458309b0d7531f3a534e
openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:aab3aab5ad246959da87d2f594c04388320431d0eb4d458309b0d7531f3a534e
openshift4/ose-egress-dns-proxy@sha256:5508cdcbf4cc03f60e74832df6f23de67242e6446cd26459100117b4bf6b03b4
openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:5e916a8714479d88eaa21a00ebc36235e24037062740f242138673655ae33967
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:2e1170d7dc493e40614e74f227cb6a195a6583432cddcaca9a0f68be8972cc71
openshift4/ose-operator-sdk-rhel8@sha256:77ddb6267510fcf37f0a2db393ca3a3830de11f429beecf5ac59e3e2cccbd37a
openshift4/ose-ptp@sha256:baa7cb1fd61a422d5d57a56c319734d011f63626a8c1817d287542359c3216c9
openshift4/ose-ptp-operator@sha256:5c4af499a9239ee6e4321f5c57af44ea1205d05629df915d02e358e4ead3a215
openshift4/ose-sriov-network-config-daemon@sha256:dcb954309256290b1762e6fa75e4a76b1298109121ec0a216d485d390dc20707
openshift4/ose-sriov-network-operator@sha256:97b58b433da3854047ee90938fa8564de241ba47e65c4b7f9ae54edc510a1aee
openshift4/ose-sriov-network-webhook@sha256:9a30f1884053abf9ea722308f38e88dc689940d6b80f5c7767b38af90528b975
openshift4/ptp-must-gather-rhel8@sha256:fa076d07815b05a22c116564d612873851996aeb4eac4eadc12fd79702a18f9f

s390x

openshift4/frr-rhel8@sha256:27b61ff010a28c93a02e296c7bf702d4c9aa389e41663a91ac3e213c62ddb629
openshift4/kubernetes-nmstate-rhel8-operator@sha256:355336bc41b827b2021e989961da25aa7da8ae4dd6d474ab6f5d89a40c982135
openshift4/metallb-rhel8-operator@sha256:b83a8fa0b2c712d6ee7a96590965fbb4f951e2602a4fddc095bb33156c9449a3
openshift4/ose-ansible-operator@sha256:9682defec0ef3ebaf4bee80ec0bc9c7ed8af81b7863e50dfd7a74359a1916434
openshift4/ose-cluster-kube-descheduler-operator@sha256:e28acf63f4a08bbe0e851049f28c8db3c120b710afd4e86809bb186450688722
openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:e28acf63f4a08bbe0e851049f28c8db3c120b710afd4e86809bb186450688722
openshift4/ose-egress-dns-proxy@sha256:8334aaf295d4fa31f7877128831ddbdbde41eb5640639c4440c0d3cf9087dd3e
openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:0826de40720228ef462a963195a9239ccb1575eee06bbf5c567d83a0763852c6
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:85ea0a1d1ebf8541f429d9241c170ea14e15c98b622b8654c0bb8ef52497d60f
openshift4/ose-operator-sdk-rhel8@sha256:bbd0d8538920be55408f4488b48ca1c7a833eb43d0a1ead37cd0d64952232cb2

x86_64

openshift4/frr-rhel8@sha256:8c1cb70c4570a3fca632e9b2845eb9f5cd566234230dc85384f7f911321c5850
openshift4/kubernetes-nmstate-rhel8-operator@sha256:e306d6295ecf2a892714c856af825eada4bc377dbe9bb763d3f945e6b36c9bac
openshift4/metallb-rhel8-operator@sha256:dca3ef36a6fe852f80d71940bb09fbe941c5c10e45c01b108c1c8b9eab3a5946
openshift4/ose-ansible-operator@sha256:a6f4ce2b8e07851083368fb2f1750a8ebe0bbc72b7adbbc1d79f8cf8462fa283
openshift4/ose-cluster-kube-descheduler-operator@sha256:b0d886706f648318cbf5a13cd0ffa0dde52c2966e42d7d99c5e8b7d344480a9a
openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:b0d886706f648318cbf5a13cd0ffa0dde52c2966e42d7d99c5e8b7d344480a9a
openshift4/ose-egress-dns-proxy@sha256:59f6247d806c32b383688eef9fb79e1bf32c6d89ee6b0503b34429b46b1bf246
openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:02c1e57fc0ce6293245b80351b9513d6ebedfa4dfbe1860209e2373afed62f4d
openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:efcd9f87a94f688a3a7d5f1c35915e59bec90da95dc340c74d95bcb47963c304
openshift4/ose-operator-sdk-rhel8@sha256:3103ad9410312796b85e025de11c50b8adfe188fa3bc63b048ecf648a79ff798
openshift4/ose-ptp@sha256:90c63c7db27b383c4bae6a533ea986cafd2a5a45be6ae898c9adfd00da92fbb4
openshift4/ose-ptp-operator@sha256:cb9208a9cad811676480b51662f138651df55fe00df1d65af74be2e8261fcaa8
openshift4/ose-sriov-network-config-daemon@sha256:ff770b7ad7fba8a31af043a95a6dbe43ed342e2297d133bd4ed816b445b8d7af
openshift4/ose-sriov-network-operator@sha256:197595c3cd482f17de6918ed4e1c0054af9671eb873e220bfbb55bbb1963ba31
openshift4/ose-sriov-network-webhook@sha256:ffb2b15662d72699446d88e68f2d145964b83d337e2ee2b10c732ddd1c7462e5
openshift4/ptp-must-gather-rhel8@sha256:2777bc1acbc2f41eeef8cfaf5203e3e4d8b802d27668a1294a8e88fa8be129f7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.