Red Hat Product Errata RHSA-2024:11292 - Security Advisory
Issued:
2024-12-17
Updated:
2024-12-17

RHSA-2024:11292 - Security Advisory

Synopsis

Low: Red Hat OpenShift Data Foundation 4.16.4 security and bug fix update

Type/Severity

Security Advisory: Low

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.4 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an
S3 compatible API.

Security Fix(es):

  • cross-spawn: regular expression denial of service (CVE-2024-21538)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug fixes:

Previously, the `PrometheusDuplicateTimestamps` warning was seen in Prometheus that indicated that metrics with same timestamp but with different values are encountered. This was because the nodejs report generated default metrics that overlapped with those from the core report. With this fix, a new regisry is created to collect all the default metrics of nodejs and hence resolving the warning.

Previously, Ceph S3 object stores in OpenShift Data Foundation external mode needed to rotate certificates each time the RADOS Gateway (RGW) rotated. With this fix, well-known certificate authorities (CAs) are used to attempt the authentication of Ceph RGW daemons. The well-known CAs are determined based on Red Hat base container image’s certificates’ RPM package. This enables OpenShift Data Foundation to continue to operate in a healthy status.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64

Fixes

  • BZ - 2324550 - CVE-2024-21538 cross-spawn: regular expression denial of service
  • DFBUGS-835 - [backport for ODF 4.16][2277298] [GSS] Namespace store stuck in rejected state
  • DFBUGS-697 - [2321231] [GSS] duplicate metrics being produced
  • DFBUGS-532 - [2297066] [Provider mode] Improve logs on client in case StorageClient fails to connect
  • DFBUGS-445 - [2319099] For hosted client in 'Connected' status and storageclasses added, Storageclaims are stuck at 'Configuring' status
  • DFBUGS-444 - [2249318] Error RADOS object not found
  • DFBUGS-279 - [2322685] [Backport to 4.16.z] DBS3 backports
  • DFBUGS-168 - [2317554] [Critical] Upgrade ceph version to RHCEPH-7.1z2 at ODF-4.16.4

aarch64

odf4/mcg-core-rhel9@sha256:acaa94ae87e0296ce554df93428e99dd70272f9a8c627ec34892ef056f4c54c4
odf4/mcg-rhel9-operator@sha256:4e3186a798c29ba018ef67c2247171bb3658d414682052914295bd9bf505d579
odf4/ocs-client-rhel9-operator@sha256:05c4808fc86ad4887237081e72b092d9bb2fccdaaf9c4b6935f4860f9cec5644
odf4/ocs-rhel9-operator@sha256:8b1d8d3f72ab52d8928ad901f9a6576acbd6fa72524b3cc415ad0a369e9e0e65
odf4/odf-cli-rhel9@sha256:7087b7cabed6484ac661cdf5e646dc1906de9108ff29a851622678d521b541f3
odf4/odf-csi-addons-rhel9-operator@sha256:c5bd02bb21cc6b39154e6bb3a2c885cd5c6b29b677c00c00b119ce7afc5b8cb5
odf4/odf-csi-addons-sidecar-rhel9@sha256:4963b41a20a4f05677db9e010d026a89bc9b786129a568ef475aa906859741be
odf4/odf-multicluster-rhel9-operator@sha256:73ee15e9555d38a0dcdf7da261e481b1cefba67f0e508468c415e56954ace616
odf4/odf-must-gather-rhel9@sha256:66f27115f4da1fba2a4023b3c099285679b744099ae515f5bb07ff8552a77d6d
odf4/odf-rhel9-operator@sha256:faf1b95e50c1c91c5645377a79c21dba625bb1c256054bfbd4758ca2d5c2961c
odf4/odr-rhel9-operator@sha256:d3ece5754c98629859f2463bf76052232735d1f2cac7c4b1b1cf82a9b42b3745

ppc64le

odf4/cephcsi-rhel9@sha256:7b88f344728e82bac5c5ffaf4b39f8d54e1383715cc4343ccbc38a625a5230dc
odf4/mcg-core-rhel9@sha256:6e6bb6a396fdbb5cc7869530a057f7f51a1a4f55c363e9c8f1e4be0c6ea8786d
odf4/mcg-operator-bundle@sha256:62d841ca70ae6de06658dc57371cbc8c6d021c8f101203ec1c1c12005b0a3aab
odf4/mcg-rhel9-operator@sha256:bd38fa0d37d507682f8c73ba1e364b316919096372ca3d8c35ce0c2c6eecb5cf
odf4/ocs-client-console-rhel9@sha256:41ccd735b885dc8d5b3fe36ef703e473e2969bb13a43dac9f4b3967a79432078
odf4/ocs-client-operator-bundle@sha256:448436fe019970c31b2cf408fd021da1f05a6dda2dc04bc149b446880ce0afeb
odf4/ocs-client-rhel9-operator@sha256:a16d81051180e10ee7373ca3210835f88c15b97d8c23f58c192f401a709fd239
odf4/ocs-metrics-exporter-rhel9@sha256:eb33f145aa69b94b785f4170ef3853c51e65d955c1e5db857d72b43f6609d97d
odf4/ocs-operator-bundle@sha256:c06e8534950def48a998530a1ef9cc4b8b3204daea86a07b6899d2499866fc4d
odf4/ocs-rhel9-operator@sha256:5bd4b43bc2a404b255270ad1d04f75a937058d2c2317c23082e0fbe64ffba73d
odf4/odf-cli-rhel9@sha256:d7b2995335b8358d7e451e89fe1dbd47e46fddff0dcc477e0e2cc5229f448dfb
odf4/odf-console-rhel9@sha256:3ff68979eaeac7080c7c72c26c8677ef5e6eedf67078c6632c8478a4cf7b6b0b
odf4/odf-cosi-sidecar-rhel9@sha256:de19de9da4ba29d1257f84c68fd26c0ac536519a6244a3663316f66c88afa402
odf4/odf-csi-addons-operator-bundle@sha256:aa97fd8e6fa7763d616ff7eaa147b9864922c0d489e0812b6bbe2818b8b97cc0
odf4/odf-csi-addons-rhel9-operator@sha256:a53795fb98e59460f13fd1575cd161ee909932c80f12af33ccc02ca87b8855c9
odf4/odf-csi-addons-sidecar-rhel9@sha256:6f1cc8d4aaa8a6bf0574aa7af45a050ca78970b589e7d4332997cc3397760a0f
odf4/odf-multicluster-console-rhel9@sha256:74713635aea3621fa4f0473dc5a3b5c2adfb5d410005a53ec45679b12e4aec99
odf4/odf-multicluster-operator-bundle@sha256:216e3a6ce689de71edd806d804a5e7f6d2a8cacdee176caf25abba02c1e3846f
odf4/odf-multicluster-rhel9-operator@sha256:a73d11bbc6b7ab4b8d20eb8f1ed5447e006c30b85038c9407948e59c3143db96
odf4/odf-must-gather-rhel9@sha256:d8654b84a8701a2d52d6adffdf3554d16ea01b7f4e63386c04069dae2e3a9bab
odf4/odf-operator-bundle@sha256:91e1a30c0c4afbfa4f1b1a3fbc5cf697118b458db9f4b95747ce7f1b042e9af9
odf4/odf-prometheus-operator-bundle@sha256:ff0fbe43b8cb3f2d0adaa812b2ab1a2889b2a1706ac06de98911d86a2ed4d6cc
odf4/odf-rhel9-operator@sha256:5a2ff42a665bf1bf6798c743c2971be556fd961500012fe844a350392ba2eaa9
odf4/odr-cluster-operator-bundle@sha256:e2a2a6aac5f1c910b0841ec3677bb01cb68104e6cfcaa6230b3178137433d6d6
odf4/odr-hub-operator-bundle@sha256:cf4fb84d805cfb4dc5f443168cc41e9ef2f435d7130e134e7abc77b2e6d64409
odf4/odr-recipe-operator-bundle@sha256:24518b16c25b08dce9e47475c5e84ce7dc40d5bb32266d9c88990d8cac848071
odf4/odr-rhel9-operator@sha256:3413fb0ff7f15c1b79514fdf57a58aa8ab28c6b01343cd46244507eab32bb27b
odf4/rook-ceph-operator-bundle@sha256:6e318d9b1ae25bf7fe31f6c9399ba4f27c20f195da55a6b06d8b7b13596f04d8
odf4/rook-ceph-rhel9-operator@sha256:708e7468005d768cff81643978f5a061acf55f669be56527554bd2338b056cea

s390x

odf4/cephcsi-rhel9@sha256:42dd623bf98ad9e4976bed7a388b2883c3635a1b0b6ab7745d06dacbd4bd8ab0
odf4/mcg-core-rhel9@sha256:e2aa25b85736aa03af19aa785de86ffbb973cfb477e72f61ef62f48e3ce62260
odf4/mcg-operator-bundle@sha256:298ecf57cc19a56b57d49dad7e413684cd4803f09f05ea1dc8a81d05774aec6d
odf4/mcg-rhel9-operator@sha256:e72434864b533d508a4388e7f76233fb94d4451a4a2e832aebcc0303d91292c2
odf4/ocs-client-console-rhel9@sha256:067570cdaa88237817c0ee702bcfb7bf0dc1405ff4209ca3e26262e56a8cb19e
odf4/ocs-client-operator-bundle@sha256:5c1f90946b7e3eabb63505e87de66f55dbe6eabe46c2ae87bec7f4a83f9d6ffe
odf4/ocs-client-rhel9-operator@sha256:430b4c41bf49eb1329d5600f4e4eb8224631694ba3f6fce9bc0ce84b84cf06b7
odf4/ocs-metrics-exporter-rhel9@sha256:6991e3ac8330ab3ba764a58cf6fa8fb35c46ebe36db1c8acee6575ae518a7425
odf4/ocs-operator-bundle@sha256:bf82eccc3506de0de1074dea085140f8049ca614daa660874445ecac3e704ea4
odf4/ocs-rhel9-operator@sha256:66ee33e71123d00f204ca3c737258d6baeaaa3b58a49611cb15463fe737ab688
odf4/odf-cli-rhel9@sha256:dd64f6d0a60e15cc5ed4873c71991de9b0569af0baa6e70399e839c172fab75f
odf4/odf-console-rhel9@sha256:4d65f47a6a063c6d59a6c6a9a2f791eb74b5fea528ea2c392519b5621ba909af
odf4/odf-cosi-sidecar-rhel9@sha256:c596d22f69f91bc387e34a8a9255b23169b153116002392f00643411ec22a958
odf4/odf-csi-addons-operator-bundle@sha256:0e946ef7d750e23dd61c6d73501dfe58f297022af8decc129a065a4c81d98a9d
odf4/odf-csi-addons-rhel9-operator@sha256:b00191654b105e6e5bba5f739749f9efa9ea247c74fb251460a908681e910f10
odf4/odf-csi-addons-sidecar-rhel9@sha256:611cdc13fd7b09c8ce96fb29ad61a9bbd4546b3f73b9ba00ca83cbd434957b21
odf4/odf-multicluster-console-rhel9@sha256:7dd7df0e1aa84b5e739995e06bfaeff6acd91d1e4c7856dc57a3c03c3cac6630
odf4/odf-multicluster-operator-bundle@sha256:05c45c602248a223d84c13c97a6c9f888089f68f2644e0a48f23747b6ceb5910
odf4/odf-multicluster-rhel9-operator@sha256:7282f999fe1f4177b01e37ed5b711c409c7b6369d93b4ed36b40b481c94723ee
odf4/odf-must-gather-rhel9@sha256:9da4459eb8c88fe17771878a7776f65964e61a632f230fe4cd462ebcfa641615
odf4/odf-operator-bundle@sha256:a24ff92a82dc1cad0f736b8765cd3088a38a9aad6b2ad9f76fce4f9c47d3d7e5
odf4/odf-prometheus-operator-bundle@sha256:a196b330fd812934f812b84f03905477979c9cc5e6b672a0a38f99dc10135484
odf4/odf-rhel9-operator@sha256:1b6f45fd1459dc5e22b394c4ea672521b44bdf774e232d91179eed8cc918a9ba
odf4/odr-cluster-operator-bundle@sha256:4087c71cd8ba69e24d47e98a95b36ad546a41bfb0fe58364308198d4b4c891e4
odf4/odr-hub-operator-bundle@sha256:7318ed0dc19007bc928f5380032b66f9437c77b8db2395617f8ed91bcc2b6aeb
odf4/odr-recipe-operator-bundle@sha256:50d9ae26a829783199b7b1fc7fde377f5114f8d45de757186c46cc0614b9070a
odf4/odr-rhel9-operator@sha256:62fc12fbe3702dbc8cdf2d50fe08db93b33d7bd5b43e89d2294cfcdda8f2babf
odf4/rook-ceph-operator-bundle@sha256:429d7ab3124fdfa4b661296f37e37322bc5aa7aab0b052e760f2d9f63cc104f0
odf4/rook-ceph-rhel9-operator@sha256:9e4b3aa70e6d2e315f803bab3e6fa8656620d1852c29dec6a8c3aaa0198d1a53

x86_64

odf4/cephcsi-rhel9@sha256:cab37aa3f199c7bbd435f9c2c3b1e7878e221aacec03b8ca09c7c8cb2ec35db8
odf4/mcg-core-rhel9@sha256:68d67bf3abf73bb9d243645d5ead96c4ca5fa76898f2f7680aa3efa795b9fb16
odf4/mcg-operator-bundle@sha256:5f484f7973a9c1bed57518638d394ada24c313fcf50956fd366fa1afec9b9564
odf4/mcg-rhel9-operator@sha256:f64d94cc5a7622bf858b74af554218dd95e25f5179b1360f753ce084725d357c
odf4/ocs-client-console-rhel9@sha256:6a33f72f7769835d988921337b14486a05d9d14163ee47d42f84519391512d5e
odf4/ocs-client-operator-bundle@sha256:09eaa24146ceb33a8b03c29b1a8b7c3da1926c5e859fcea68d846906689b145b
odf4/ocs-client-rhel9-operator@sha256:36dc385f707795d079352394e09af9c1b5a0794149ce4219575c5a3d4ec0631e
odf4/ocs-metrics-exporter-rhel9@sha256:e9dea8642f968a5685e99d03ba73b6215384011e3d4536a0f1c12f4a0fd9d635
odf4/ocs-operator-bundle@sha256:29a3f42b193aabd4fe898230e9204d0ec1f8b39cd07b38979419a56333b87dbe
odf4/ocs-rhel9-operator@sha256:3db9e636a66f88d0e285bb57f459dfb8390766fa59ccd350ba6100aaf7910adf
odf4/odf-cli-rhel9@sha256:c0313b3ebb2974517b82a20cb7b807b9b44ce4bf41aa0070aff877975996d51f
odf4/odf-console-rhel9@sha256:eaea2db822ce2fd707c63a0437755a5d5a47f257de2d90fdd19d14ce187e830a
odf4/odf-cosi-sidecar-rhel9@sha256:9393d0001e10ea59272e77bf40e23505b85b0aac781b78745fc6217e6cb2a99b
odf4/odf-csi-addons-operator-bundle@sha256:9aa23de942ff6edf79abaef42e1d40117f5c3c865646e8c488e8b1a96b43abc2
odf4/odf-csi-addons-rhel9-operator@sha256:32d5e419c0dd4edfcfd592a03ce20de2779c4cceeaa45edf58630e983ea91de8
odf4/odf-csi-addons-sidecar-rhel9@sha256:6cdbd357f86edb11d3ef6823ff298fa16bdfaeba12440ffd553f355e30d20c75
odf4/odf-multicluster-console-rhel9@sha256:49c8286bf1392b7d61a632402f1e6d5b01c1e19ec64b054d571db83e2b4cae6e
odf4/odf-multicluster-operator-bundle@sha256:232f23238ca4ccda80209cd0dd31c89297844b70ae24abd28d6e977dbf6d865d
odf4/odf-multicluster-rhel9-operator@sha256:be258039bb67a0aecf693aaf1b545b9deff6a619af9258a6aa1f0799715aa593
odf4/odf-must-gather-rhel9@sha256:a94bc11f06e0ec9dd889709fe0723863fe22badc0b0eb291e8272aecd3740147
odf4/odf-operator-bundle@sha256:65566d43cb3961711e1ab373902d61a97b15a0412e6572b754aac68c55c5ef10
odf4/odf-prometheus-operator-bundle@sha256:1fb36cd2359ab3f0de8c3a1c9e1ec5a0e96f331a7bca65c0d5f82d59c625cb57
odf4/odf-rhel9-operator@sha256:0b8b4bef560216dd4257ad5d34e4aa825f4260d75a60eaaa35396543f13af9a9
odf4/odr-cluster-operator-bundle@sha256:3a8730b67e005ac389c7060ba2ead7ae6f53c2e387202788a4e3b99ac7991757
odf4/odr-hub-operator-bundle@sha256:c6380d60864a0181f5ca285aaa8a75c4496b895a301b7621129b69380bdcbcf4
odf4/odr-recipe-operator-bundle@sha256:bb088736f0478ab072bc9ad330ed74eeb58ed72441f0893ef97d7eda2bddbfbb
odf4/odr-rhel9-operator@sha256:e5b8d4a2abe9c579e2c236a4a2bb67dad14ff433ccc62066183274d4a8641709
odf4/rook-ceph-operator-bundle@sha256:94b34240acfae71fafe94d25de0ec4d603add5b8338df53640125630a91e8e4d
odf4/rook-ceph-rhel9-operator@sha256:28c4f16c7f6134a149e68a397a7044c82f972d69290d296e10453914c4b0e6a6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.