- Issued: 2023-08-07
- Updated: 2023-08-07
RHSA-2023:4488 - Security Advisory
Synopsis
Moderate: Red Hat OpenShift support for Windows Containers 6.0.1 [security update]
Type/Severity
Security Advisory: Moderate
Topic
The components for Red Hat OpenShift support for Windows Containers 6.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.
Security Fix(es):
- golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
- containerd: supplementary groups are not set up properly (CVE-2023-25173)
- golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
Fixes
- BZ - 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
- BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
- BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
- WINC-823 - Test generated community manifests in WMCO e2e
- WINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite
- OCPBUGS-3572 - Check if Windows defender is running doesnt work
- OCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade
- OCPBUGS-7726 - WMCO kubelet version not matching OCP payload's one
- OCPBUGS-8055 - containerd version is being misreported
- OCPBUGS-10418 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
- OCPBUGS-11831 - oc adm node-logs failing in vSphere CI
- OCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature
- OCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process
CVEs
x86_64
openshift4-wincw/windows-machine-config-operator-bundle@sha256:cd4c5c5b0fa1691a48d2ac33a2794c89e8e60d804a6e36d42ccd868b90c5ac05
openshift4-wincw/windows-machine-config-rhel8-operator@sha256:0326010fe1acf466d43a363bf7285a814443c73a2be821cdd7465c0defa04401
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.