Red Hat Product Errata RHSA-2023:4238 - Security Advisory
Issued:
2023-07-20
Updated:
2023-07-20

RHSA-2023:4238 - Security Advisory

Synopsis

Moderate: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es):

  • openshift: OCP & FIPS mode (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [Backport-4.11.z][KMS][VAULT] Storage cluster remains in 'Progressing' state during deployment with storage class encryption, despite all pods being up and running. (BZ#2209254)
  • Set ​​maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version (BZ#2213451)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 8 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 8 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 8 s390x

Fixes

  • BZ - 2209254 - [Backport-4.11.z][KMS][VAULT] Storage cluster remains in 'Progressing' state during deployment with storage class encryption, despite all pods being up and running.
  • BZ - 2211594 - [ODF 4.11] [GSS] unknown parameter name "FORCE_OSD_REMOVAL"
  • BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • BZ - 2213451 - Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version
  • BZ - 2224268 - [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4.11]

ppc64le

odf4/cephcsi-rhel8@sha256:fb6a071dc91f21f5ff38590d802e679bf44f20dbabf4524cd3dd8264cf55ba89
odf4/mcg-core-rhel8@sha256:7557630c028281db03e00b92041b58c2c099ab4bdd828a2eba27a220d6090d0f
odf4/mcg-operator-bundle@sha256:c4091f06ad38dff61088b239ffa6ba80fb7ea51ba1a92d25b0aae8dabc275af1
odf4/mcg-rhel8-operator@sha256:22ab900ede86ae29ccb2be3b154e0434eae20582bb1599d1e35852900aaec41f
odf4/ocs-metrics-exporter-rhel8@sha256:458543f7c9dcb7851c76411863499bbddd6e2f4608213f9695bda90f603f58aa
odf4/ocs-must-gather-rhel8@sha256:e5e506516e0c559c3d4e70ebac6e6f28a1aca88ac0972c760e83fffb43369b89
odf4/ocs-operator-bundle@sha256:f6635a50797b0cb0baf5f1ce064b53e5b1d28872b7b005845e43f0fc25075347
odf4/ocs-rhel8-operator@sha256:8919465b70f19840b7ba0725e66963417fb05b9e0c91d93ba9f8db8a795ab557
odf4/odf-console-rhel8@sha256:9b3e279ef5702d5c9cb663d4e1482bdb2c2f6ba007fb7ab3d04bd500d277272e
odf4/odf-csi-addons-operator-bundle@sha256:cf99fe74ee6b4597af35b72d90a92aa7091ac0364ef0ec4fcc075c9c435aa217
odf4/odf-csi-addons-rhel8-operator@sha256:4f25881e3bfe6aaac39c9d3c93ad644d874c4c638ac1beadb5306bf9484ba208
odf4/odf-csi-addons-sidecar-rhel8@sha256:ebd77f58f90d06da5acb5f926e764b6a692246029d49fa1b61beb8394c3b9e75
odf4/odf-lvm-must-gather-rhel8@sha256:bbceac437424766e150dac52e514e8c084b249b7e246c2d92f34466b76c5a62d
odf4/odf-lvm-operator-bundle@sha256:9c428080ad42861e7912abe0736f5c0c7548bb3d11a3fc8ec076bfd8b9b9ab78
odf4/odf-lvm-rhel8-operator@sha256:9674dfd5bed654ac24b08819d1e6c89975dc1ab03f7893599530ff48b3d4c5a0
odf4/odf-multicluster-console-rhel8@sha256:0a14cbe5af7a50b72d6800d49c6bb04b434e0a7738eecce4696d2ce4db222f3e
odf4/odf-multicluster-operator-bundle@sha256:60a045d25c07b9e3919d02d128acd8177920d5b98d1ac88169945ae202859d8c
odf4/odf-multicluster-rhel8-operator@sha256:a7264f664d32fda0a0dd7ec5099b6f91369b9f8bd4c5a3139c1c6bbbfef6adab
odf4/odf-operator-bundle@sha256:bd927bfd8d56a59a4ffa6fa0cb0a04aa67ded69d14aeeb6549bd9422cc8e6245
odf4/odf-rhel8-operator@sha256:5b6d1b2a26ed46efdaa56cd8cd4b03f25ed5a43b3b308c1bc39fc8b860a029a9
odf4/odf-topolvm-rhel8@sha256:2bbaf551bbd8e3009c91e3e7c077fe923713ff39e4856481fb5058c8b85d5406
odf4/odr-cluster-operator-bundle@sha256:c80cb02c8ef534315f5e9a0d1a1a3a8b292b577ff3efdb9d45bcb5a38accc131
odf4/odr-hub-operator-bundle@sha256:6b77912b08de9b787275e4a9e106f52576c9da9bba9557b9a81bdc2e9eae38f3
odf4/odr-rhel8-operator@sha256:11fe5363373d5f9f6b10c9f9422cd5ab3443c767d4270d66c44d0f8fcd6a957c
odf4/rook-ceph-rhel8-operator@sha256:e6f4fdf9074ff8efab27ce3bd7eba23077d42a4b5702ec603f8906282c8811b6
odf4/volume-replication-rhel8-operator@sha256:f5eca4bb4a392cb1eafd5c8ab9f19a67a1f730635b9aac7e38449abffa10bd81

s390x

odf4/cephcsi-rhel8@sha256:fc5994454ec74d505549bbc5a25c0950bbe86a6703d9e29bff1e89b98cb54dbc
odf4/mcg-core-rhel8@sha256:be61a7ff1a474b1516b42e0a7b5b7a02b2b43a5efe112e028b069dfa0264b411
odf4/mcg-operator-bundle@sha256:df945349171cb6cd45f6f2ee9ec3a569ae29a043f2928cb21d3cd22b8b716b94
odf4/mcg-rhel8-operator@sha256:1795a6286c4e8b6f2803d9b52a3662fdd14236395d6d9382ee1e788dd0d5d72d
odf4/ocs-metrics-exporter-rhel8@sha256:ca35330d2b09f0df64ead38423b95d759f18f84715186b4ae4807e430e2b919d
odf4/ocs-must-gather-rhel8@sha256:3bae87a4567063ac7caab2799524f304e1b21e3daf68cbc7b9c3529ba23204eb
odf4/ocs-operator-bundle@sha256:2f95f8913a767f3f2dfe77e4bebf2e87dc79f8fb2256d4a7a1603df744622be6
odf4/ocs-rhel8-operator@sha256:2c409564639493ade6d7ad0bf0ee434c3c8ad25ed47cc684b5a35200356955f5
odf4/odf-console-rhel8@sha256:4bd899603a1efae76f8aa42d7a806b2402caaa0edf2362671e98677e8caf6692
odf4/odf-csi-addons-operator-bundle@sha256:ba69d808b425a2e7cc3641c2245db89c52f2c600455a4eab5aae050a34200ce1
odf4/odf-csi-addons-rhel8-operator@sha256:979031e1d9312c8f1d84c33766227d49be73db12ab889c6e28a2d2fad978c91a
odf4/odf-csi-addons-sidecar-rhel8@sha256:39a627dc3b88149021444223418a4712e9775a5213e0fa69c965b4e83a3cba19
odf4/odf-lvm-must-gather-rhel8@sha256:ffc423f104853fca800e07ada1f82f9d37055b01eaf2114cd56702484cdd37f3
odf4/odf-lvm-operator-bundle@sha256:18147f19209e088137e05e830b7190c5ebc1ec3c04cc1da11e34736df932b58c
odf4/odf-lvm-rhel8-operator@sha256:490c51c56c5907c21655b63906fa6655c984ee3caf6359bca614746e8c7f9e42
odf4/odf-multicluster-console-rhel8@sha256:b6711223893a55d5639fa1459d657aae6815cdfbc8fa11412501aeeddcf8ce7f
odf4/odf-multicluster-operator-bundle@sha256:60c5bde61d5a75f8725ea1a397460335e91e7999557cd86325d93d31914618ed
odf4/odf-multicluster-rhel8-operator@sha256:106a9c2d115eb6007122a4e74133cfc73869e7ddea9c8e46d5f5398ddac4e3b2
odf4/odf-operator-bundle@sha256:27d01e25a2b538f861643ab35ee188a88af87b8fd61f064aea6cfc0c0cacee24
odf4/odf-rhel8-operator@sha256:e01eb29c40d00dcb8dad987c93946b059c59f1a0db8c89f34f9a0e708ca9ac7d
odf4/odf-topolvm-rhel8@sha256:1e69fe5ab1fb4b54963846075d7f54f4d99c2bfe0c522ef042d6514e0b8f3e30
odf4/odr-cluster-operator-bundle@sha256:c5e11eec092f9d5be523fde0da35c2f2f4b95021cc0d4f07975d09ec86fbec50
odf4/odr-hub-operator-bundle@sha256:9acd073df431d3027464e3f7e02c503bc617689b81b975844229bd8531377bc8
odf4/odr-rhel8-operator@sha256:4fc68602f621d3c076d1e027b8be3b7e709f952f656661cbe7f0b7ae98756aed
odf4/rook-ceph-rhel8-operator@sha256:8e7755e644dc65f65755c6158324c15f77d497983e75b76803c368799e333995
odf4/volume-replication-rhel8-operator@sha256:5cfaa6ad494af8d5fb45243082735e72ff17d398aeb387b5ee40f848f3dc0ea9

x86_64

odf4/cephcsi-rhel8@sha256:d4a2dad8e2975aed3c597dd717156e702d45e86b2ba447cbda5835a4c34aa024
odf4/mcg-core-rhel8@sha256:7f7fa238e0420b703096893071015a7cd574aa526c794bfc2ab582fe15507258
odf4/mcg-operator-bundle@sha256:d04e0db7ccb397a8f6b77825bafc6e95e7cb99167048df19190b668ddca48a15
odf4/mcg-rhel8-operator@sha256:f0b56bce5c778dc317c0ee6d3cf498cd6e9cbaa6fdfc3b62f4da6f42c91490b1
odf4/ocs-metrics-exporter-rhel8@sha256:ea5822299be0e4ec4f0192fe1305e5aa1e4ea1a27b0c40a0fbaa76c6eb5adf68
odf4/ocs-must-gather-rhel8@sha256:f771d3e484f30d7e4968fa92b00825184d13f96cb2f47c82ad0287fa9b407b3e
odf4/ocs-operator-bundle@sha256:cf8db918e0653c7b01aea9a7834e538e5e59bdeb6f08cde8e1ab66c7dd68eaa2
odf4/ocs-rhel8-operator@sha256:5e571589a9b056bf1085b9c250a12f72fdc7efe69a207114c4c14114ad90c350
odf4/odf-console-rhel8@sha256:32129e39f0b8cf943d7e0ca49743fefe9850c9a0d6428a513644c546aa62b5ee
odf4/odf-csi-addons-operator-bundle@sha256:3bcc27e47ea4aac1b71b785cbf71b53e25872690631c6ebed061c9668e815445
odf4/odf-csi-addons-rhel8-operator@sha256:1681784fffdf82a41b9ef08b5ded1c72fe580c1530604dbf2ad807ba2e3d3376
odf4/odf-csi-addons-sidecar-rhel8@sha256:2012feafd7699ddc14160ad5e6a2c976bd8bc02a23ddd13e347a8941fc2211af
odf4/odf-lvm-must-gather-rhel8@sha256:be426cfcf7df5d053c5edbbe96231434305fcb5278560aca13be8b99b900afcf
odf4/odf-lvm-operator-bundle@sha256:4963f85073f41161e2ac55132a036e03d0cb3fae8297643e3dfc42fd6783b36a
odf4/odf-lvm-rhel8-operator@sha256:6214a3e1ebf9178c365ccbed29b0302a8747501128d74a1c3e4c0c20427ea7ac
odf4/odf-multicluster-console-rhel8@sha256:07a2c369d7f33d9829c1ff291ca536362087c68818d99d4cd4ab281048405173
odf4/odf-multicluster-operator-bundle@sha256:2b0011d35c1487e8d7c4ed054aa02f80c3a6bd052ed58d9efedd646050109e5f
odf4/odf-multicluster-rhel8-operator@sha256:3c08ecadeba4e3c828e1d9d21154b52c1ba06c1e356ffd9ac1b84751e967dfef
odf4/odf-operator-bundle@sha256:7ba7860d525ff5f1b9e6187a6fd9dbb5e01143a72deb310c529fb8038d492cc8
odf4/odf-rhel8-operator@sha256:fe30a1e872e42ab464762f5b03cd8b9a7da2b191a97dc4975c4c7f2ea35b914f
odf4/odf-topolvm-rhel8@sha256:2570a316c8c32e63eeec6887fea25c36b75fa33ffdb99c14509473cfeac5391a
odf4/odr-cluster-operator-bundle@sha256:6f2fff5350c9742c35cba74ebd5bc7176759a51cf7e2a94a9358c9466b3dd25f
odf4/odr-hub-operator-bundle@sha256:b0ca4d39709640cc7a9f025f0fb685f892ea1e58c277f574a5a90154482e68c5
odf4/odr-rhel8-operator@sha256:6335e2f54436b7f44cde81d3511692d703cfb68b8c2648afe8d1a49452acec3e
odf4/rook-ceph-rhel8-operator@sha256:b7a31fdc306095e47029b709804c42fc684572f24fb4f3e432b33b066cb71b18
odf4/volume-replication-rhel8-operator@sha256:9b07603ec247943b3f123866e6e77d16fc2d57a05ebdf9df402e2e6c565c8288

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.