Red Hat Product Errata RHSA-2023:4241 - Security Advisory
Issued:
2023-07-20
Updated:
2023-07-20

RHSA-2023:4241 - Security Advisory

Synopsis

Moderate: Red Hat OpenShift Data Foundation 4.10.14 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.10.14 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

Security Fix(es):

  • openshift: OCP & FIPS mode (CVE-2023-3089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Set ​​maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version (BZ#2213450)
  • [odf 4.10.z] resolve the CVP failure for operators.openshift.io/valid-subscription annotation in the CSV (BZ#2222863)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 8 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 8 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 8 s390x

Fixes

  • BZ - 2211595 - [ODF 4.10] [GSS] unknown parameter name "FORCE_OSD_REMOVAL"
  • BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • BZ - 2213450 - Set ??maxOpenShiftVersion to block OpenShift that didn't upgrade ODF version
  • BZ - 2222863 - [odf 4.10.z] resolve the CVP failure for operators.openshift.io/valid-subscription annotation in the CSV
  • BZ - 2224269 - [Major Incident] CVE-2023-3089 mcg-operator-container: openshift: OCP & FIPS mode [openshift-data-foundation-4.10]

ppc64le

odf4/cephcsi-rhel8@sha256:519fbd01a45c77ec2176d6d23ef983a7f5e4031ec87058261b3c0c82b0fbe6b8
odf4/mcg-core-rhel8@sha256:a4e82f46975b1a16a8e26359f1ba3681cb2101f5caaa99fc18fab2ad4a2ea24d
odf4/mcg-operator-bundle@sha256:1faca87466a05d735a373aeaf6dec4b868c7c4dbe5942f5a8bf84d312c38d2db
odf4/mcg-rhel8-operator@sha256:57b867862f7182fc8ee57e530b00963cb1b67bea8ecefd043d83ae300d5458f7
odf4/ocs-must-gather-rhel8@sha256:5b38671c4d34211a88e56949368307836d8d69f4f76e802dcd4a5aecdf2cb9ee
odf4/ocs-operator-bundle@sha256:c02b0dde81b308dcf49fda04479d915d878376486c733f5e4d52c924829aa9f2
odf4/ocs-rhel8-operator@sha256:054acd9c0de519a4f8efa013e2cd5429651dd41aaf80bd2b7888d8118fe77afc
odf4/odf-console-rhel8@sha256:9b7a22ca95a165806d5aa6fbb84ec0499364bb6b98a828042fae4e243fa274ba
odf4/odf-csi-addons-operator-bundle@sha256:5c57101dd02e01eddce459a2f36627e8a48c68ed687839dd8c45879cf862ae32
odf4/odf-csi-addons-rhel8-operator@sha256:c9034719dc27e80d002a551cd5564e4341b456e2b6948d97dd154460fd934b90
odf4/odf-csi-addons-sidecar-rhel8@sha256:f21461a7ff372591e4d4ca7e0778466be6c184714652dc9bab9c9367353e4dfc
odf4/odf-lvm-must-gather-rhel8@sha256:8161a3c2dd359f2fa32fcb33d100cf57fd04a843277781d8af4decece1decde4
odf4/odf-lvm-operator-bundle@sha256:1fc6c673266c0fcf7ea47d7bfc72d0dc7023361d7681ba3ea75a9bebae46a608
odf4/odf-lvm-rhel8-operator@sha256:8654ea87a294436703597aa44802dbbb6eaaa6dd1958341320c64860a5fac5d3
odf4/odf-multicluster-operator-bundle@sha256:78273bc02f6300c2cd79bbc39032d6f7af1d8157182b1da3a719dacee2bdea1a
odf4/odf-multicluster-rhel8-operator@sha256:e81f800f9a33521c8bf4c6c0b513b0a5e38edacb96c5de4a41bd8710f4998775
odf4/odf-operator-bundle@sha256:5ac99653aca37740343d1c786c5fc08a20660302cc94f393fe0e1b2f783ed762
odf4/odf-rhel8-operator@sha256:8c6ea62492e537965f64d6612eb42a45ec74426515a68f077de5e8bbc1e0ba4c
odf4/odf-topolvm-rhel8@sha256:1877e72f8b68613a2f966a18b7b6752fa517bf336271249c18d40cf0f02dc900
odf4/odr-cluster-operator-bundle@sha256:44c4c69a72c969a3c550cc1799261d402cbc1bf4b233b7924120940cd6591b98
odf4/odr-hub-operator-bundle@sha256:beb8a2689eddd79a7934ef509c7a99400197067512207ebca23ee7ee6ba18510
odf4/odr-rhel8-operator@sha256:5eb77a6122d752720e380fb621162a88e55523df050e8376431fc188ad3133d5
odf4/rook-ceph-rhel8-operator@sha256:cb269a84a7779ff2e48b843ac74ba51afba2d17538d81999a208e31971b5ca95
odf4/volume-replication-rhel8-operator@sha256:c2580d0f8bb2950ccce20612f4c3c2714bec9d9725b6a52681e09fe1390e6f48

s390x

odf4/cephcsi-rhel8@sha256:748aeb475d0f42ca7955a1fc82236a3a08ab3e3f8c5f4c868369f97a0ff558c9
odf4/mcg-core-rhel8@sha256:0fca40bfd16caa1dfa549d19e038514f19b3346a85b3417c53be031c0b66b7c1
odf4/mcg-operator-bundle@sha256:7714e38f6e59dbfa7b1b29c81246eff06a8f64b4b6be87d5ff3d5025771d3004
odf4/mcg-rhel8-operator@sha256:0c58d2245ad9af91c9d508d577aac369d2c0bd159f1fb0057ae217fd2e069333
odf4/ocs-must-gather-rhel8@sha256:52c90e3a2e9ac12b58c1890c1603f0a6d240d2beb3af1b131901845a5e3620c0
odf4/ocs-operator-bundle@sha256:2ef7764ba0e73f1d3748cebb068ca13a3ee02126f87854e9ef0f1f69eab61380
odf4/ocs-rhel8-operator@sha256:b01704963af92032b63b820fdb1030a3bfaf29fae0d427443ea22764a35717b5
odf4/odf-console-rhel8@sha256:6fe4967cf4be02de2fe358c1177cf2d220af9dbce3211792bc2ef1c1a5d6f679
odf4/odf-csi-addons-operator-bundle@sha256:7c4223b24116ecd83cee8c6fc1eda11b222b20734ca81843d2f2fa1da2ba87c1
odf4/odf-csi-addons-rhel8-operator@sha256:42d69dc5320d0e9cc131a4c24d8ac1989a67624ea09bbabc776336f2afb9059a
odf4/odf-csi-addons-sidecar-rhel8@sha256:656c8f53747a8fb1e31f09fb07a242fd3826362f975e524dc9af442c605a78b2
odf4/odf-lvm-must-gather-rhel8@sha256:86ab8ddfe9cd58aba5446eca773104c9998b1a627f56870efb5e407ebec9a109
odf4/odf-lvm-operator-bundle@sha256:7edc0a2bdd4a8cc99ebcb1399c21c5d801999b0926e037c53f68bcd045e2e97f
odf4/odf-lvm-rhel8-operator@sha256:a453069e5f2cf83b426105b635500b5b699628a04a10752b2920bae323f19384
odf4/odf-multicluster-operator-bundle@sha256:f0a3fabd276451ea95326337afc570c413eb137bdf0d0a4f5a94a59a47429a3a
odf4/odf-multicluster-rhel8-operator@sha256:1e7ce19332af1deccb7a3c98f7c3e2c4b0663bbbe3b04a5c9c77c7ea4a3ec31e
odf4/odf-operator-bundle@sha256:0d58194975fb99b6a0b6a35ce80f5718ea9e642ede91026c4db73f5171df2c42
odf4/odf-rhel8-operator@sha256:857aeb01702bdedea2e110a291328be13c498c8237d19923ed02e50619b8683c
odf4/odf-topolvm-rhel8@sha256:886fe72344fb8dec7c63a36750faeb0d72cee19e83d7b5dee8bee251e2756a4a
odf4/odr-cluster-operator-bundle@sha256:a2dc2edff47900782cd4b791661ed28d84d5c3b756e8f733e39abdca9ef3dc0e
odf4/odr-hub-operator-bundle@sha256:2808fc1223c5cfd2d40432a24e74608e341b29161924346417e9bdff0c2a980b
odf4/odr-rhel8-operator@sha256:2ce8050cbadc5cc0173e4961fe39bd2a98d37342e9d622af77a12cb8c51a36d5
odf4/rook-ceph-rhel8-operator@sha256:fc1e5e0c7ac39f51610c9a0ca84e2d945e0d8a67e314cdb6e94b101fc5e9ae97
odf4/volume-replication-rhel8-operator@sha256:507ff966eb199df658aa276815ac5b83f9d7e21695d5461ddbd5274eadbb57f7

x86_64

odf4/cephcsi-rhel8@sha256:bdcdc34a7dac0acdc2918187a248c96f63b1a91ec1a45bfece0056a6809f32eb
odf4/mcg-core-rhel8@sha256:fdf1dfa12cee34816dd67563272ef056f3402663c47b94c61e119f2b39d6a240
odf4/mcg-operator-bundle@sha256:a63b7a3dfcf67968fcacdd1c2113519a95a1e843c1b9a0d95f32d8b3b712d100
odf4/mcg-rhel8-operator@sha256:d1c620c7596100d3d8d45d4f2365a00a1235c3b2075bb4ef51128b3821595d56
odf4/ocs-must-gather-rhel8@sha256:784d2c763cbdcbd42c35188e68a25299547df5117b76745427db814341040338
odf4/ocs-operator-bundle@sha256:95bc149677b3fd73befcb81f704922f74c82b1330edbe8273c097701ee558999
odf4/ocs-rhel8-operator@sha256:982f41e30d936ee21f0323a321c123e995be09d2546b509facdb524ee487a623
odf4/odf-console-rhel8@sha256:361a0bb0b32682ec017f0298b20887acec70093436de6f6ac5b885f3abf34b7d
odf4/odf-csi-addons-operator-bundle@sha256:80d82f1a80771a76fcf87418702b11166ef53b17b34560683f7639fced586f20
odf4/odf-csi-addons-rhel8-operator@sha256:34406352d0db80ec5c9412df50e80d7630a6caac6689b3400bf71f4f5f02f045
odf4/odf-csi-addons-sidecar-rhel8@sha256:a3552d3816f0abacc36202e0077c3cb53d0ab8366a54d7295b6e6bc7f0e14456
odf4/odf-lvm-must-gather-rhel8@sha256:6c5089b6e72b62d2f721c96cec6a6d7dabbf93c3eecb24b9500c0ae216f05276
odf4/odf-lvm-operator-bundle@sha256:5a1e32487b439b260d781e0e6baf7a11c12964845d93b9e0f18d510df8f5bd76
odf4/odf-lvm-rhel8-operator@sha256:aa5fef8d96b5e81e4902bb4445f61e1baa8c26db1711d6031b0c761c5d2615d6
odf4/odf-multicluster-operator-bundle@sha256:b85da7f3f50c046d69055f8965df618be1f4e77a086c8d36fcc50ed7abf7d5aa
odf4/odf-multicluster-rhel8-operator@sha256:2f483910b915c8fd83e3b7d3efa1f1b5d0e953ab27057d424508b99f32c3ee39
odf4/odf-operator-bundle@sha256:a50fa705f702ef147f77aac8f50bfe87d0833a5b5e82fbd37d28cbf2a4515965
odf4/odf-rhel8-operator@sha256:6fc63d7f70057b9e91c07213a0a8b5f9d6143fea78e21574555ad802768ee68e
odf4/odf-topolvm-rhel8@sha256:76f0bf470c339d92a4f18596167f013ba6bdb81a025fd1916a13728b4ac5af79
odf4/odr-cluster-operator-bundle@sha256:79eb4698478a434cdc6d2cd8ec3d72ffaf5f7339d47f487c2f82c52f326a7868
odf4/odr-hub-operator-bundle@sha256:7bf709c3f4f140ffe54e04974f5c721cc33b97db60cf289c4c446de50223a29b
odf4/odr-rhel8-operator@sha256:43617b85586843b2067c9dcb0d490d4912c35075a2e818d5d20331fd0899ff5f
odf4/rook-ceph-rhel8-operator@sha256:173d59e775c6d744fd2c1901cafaa2e9e6bd7c8b04067d0730002f4391cbf1f4
odf4/volume-replication-rhel8-operator@sha256:2b49d74c902af385e5bf17c3fd7b77ceeb9db563d705cefaf5ae61e808eb6daa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.