Red Hat Product Errata RHSA-2024:4959 - Security Advisory
Issued:
2024-08-07
Updated:
2024-08-07

RHSA-2024:4959 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.14.34 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.14.34 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.34. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:4960

Security Fix(es):

  • goproxy: Denial of service (DoS) via unspecified vectors.

(CVE-2023-37788)

  • ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

(CVE-2023-48795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64

Fixes

  • BZ - 2224245 - CVE-2023-37788 goproxy: Denial of service (DoS) via unspecified vectors.
  • BZ - 2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

aarch64

openshift4/cloud-event-proxy-rhel8@sha256:3b9a2c010486c5ee7b61781c877dcbfbf40d3deb69ea3c2d0ce50caf2fbf2d7f
openshift4/ose-cloud-event-proxy-rhel8@sha256:3b9a2c010486c5ee7b61781c877dcbfbf40d3deb69ea3c2d0ce50caf2fbf2d7f
openshift4/frr-rhel9@sha256:542747d350755a6b77f93d4a52cb47b1ae10a029c4d8371fc0759d810b536319
openshift4/kubernetes-nmstate-rhel9-operator@sha256:ca7d4d14588f34646c8c8d37b8d063cecc5613bec2d0c972c4bbe9aacaa319e1
openshift4/metallb-rhel9-operator@sha256:357ea6ee4e66e9bbd6c158b74603c4a0e2ba83f3b4fce10d082a28a1e86388bf
openshift4/nmstate-console-plugin-rhel8@sha256:08e5984366ad89d2c3075c3186e7352404fcbdea7b5126e61c8a9460c7325dfb
openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:75b5c4e959175bcab89a3dadf0620ffd59163e8b152aa8145427784373022ad7
openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:6388a8891240c50c728539905b33f1f918f61ed88729419a4b273eda87dba877
openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b51f2b972ee7f7e3b908de04ad06fd221faf7e88291a1a592f1a6414365abff
openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:77db5d128037f90ae5ab7534f1b486746b2544dd17b5917f94eb4fecb6ed4dfb
openshift4/ose-local-storage-mustgather-rhel8@sha256:18f643dab7008fcffeb483dfb6281028f358e8ff60d4513853074e65f1186e8c
openshift4/ose-local-storage-operator@sha256:81772109a579b7183dcac99a6ae1c35848234314ba7c4df1d912bfbf1302a1e9
openshift4/ose-ptp-operator@sha256:b0843083aac0a7245987a606ca818bf7e4d3b60850f649fcaaff7164a49733dd
openshift4/ose-ptp-rhel9@sha256:e882f4bdb00058a00f9744b1c72b0f956db573b493f705b30bc9d3cfb011803e
openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:99cd4b1236e8e9b9133d9b539a48dca6b581b58c55af2904ed6a2ccd30b4e2a4
openshift4/ose-sriov-network-config-daemon@sha256:4185b4bb21d091569593957e23beb328e0854a0dbf5daa719f7f27880451cb67
openshift4/ose-sriov-network-operator@sha256:887e817ac88431cde30a8398be96d2bb3b1163f961c67239f46c2cd13fdbcfc0
openshift4/ose-sriov-network-webhook@sha256:4786b3c6eff5ff6997a9f0aa303d69143f111f70913acf3bd27c95244b7f36e9
openshift4/ptp-must-gather-rhel8@sha256:fd1648cd3ea2c1b66abf6d08712ce0d1182814f4f367e605b782cecfbb8d585b

ppc64le

openshift4/cloud-event-proxy-rhel8@sha256:e40a806a703573bef1b78640d8fb5368467f8839ad45d64029728de5bf7a0d41
openshift4/ose-cloud-event-proxy-rhel8@sha256:e40a806a703573bef1b78640d8fb5368467f8839ad45d64029728de5bf7a0d41
openshift4/frr-rhel9@sha256:3e781358f7a45f6decd9f6fc9d4c50bd22b9cd6e5ddf4aadacca4ca5d13c85f9
openshift4/kubernetes-nmstate-rhel9-operator@sha256:06ad3617b209f09356757a539c62f68a309d8317b615ec3e65ad8f1919f4f771
openshift4/metallb-rhel9-operator@sha256:08f2cc4395f82620d57b1ab4eea66858ed1f7e136d85785670a149e7ad3edac0
openshift4/nmstate-console-plugin-rhel8@sha256:139be97fa8b7a8c8b74455f67e8b09ca2c86f2c2e24eeb74f3463d833ba24563
openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:2a6841952cdc76e23a49a449a3292b77218a630913124fb022d6fbad3ccb6280
openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f858cd0f94339719463c9d62225fe7e37a37a4d1cad71a316ac7d2c14004f468
openshift4/ose-local-storage-mustgather-rhel8@sha256:4161bbd9ddaf92f2c1f0f34a8d9d897b605a3e0fa5c9e60875abc84bc7f4f5eb
openshift4/ose-local-storage-operator@sha256:c670089f7d5a8dc9869087199ada95c6646314cb84373cafd03f0ecaecf0695c
openshift4/ose-ptp-operator@sha256:e9420019d04bcb555916b98d0c80db9d0366a9a422ea4752dcc237ee01a001ca
openshift4/ose-ptp-rhel9@sha256:a6340460efa806f0ee208cfb3b0adfddb549eb4bc9a5f03478d9691148b73620
openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:0619f2c405321719c173928bf851fc387be3f44a21fedca8cb2b4886872aeeb6
openshift4/ose-sriov-network-config-daemon@sha256:5fbe31e29861ac3e1e0f368ae14f596e8a5e6283cc1a8bb0d729404f8a4bd564
openshift4/ose-sriov-network-operator@sha256:7fbf377347e2b1e46269c3bd659c0f165acb2e442199a42dc8f75d6f198bd6cc
openshift4/ose-sriov-network-webhook@sha256:b81366ca18dafd9f9767ae8ec474659f5dda7ad050023b30deaee2d092e727ea
openshift4/ptp-must-gather-rhel8@sha256:d4fa32536592d68d6c76438792d940d4b04063714e2ad8301537c425330b2dfe

s390x

openshift4/frr-rhel9@sha256:a402a2d18f675027b417551e1a8fdf57af39917431d1e1156b494aca92bde0c2
openshift4/kubernetes-nmstate-rhel9-operator@sha256:7389f68e849d37b3ae8ff94717c400cefc860e57bc424d526e9e2b58cb9971e2
openshift4/metallb-rhel9-operator@sha256:b7e97f0eff04d90ab59c2ed293fc09cc95f0cbeac8cc27dffe5fcaf6be534c10
openshift4/nmstate-console-plugin-rhel8@sha256:e8d7046ea584ff670e8caf0d9ce00f6d1b7f021374cea8d297432ec72302d15c
openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:6622d3ff6c9f60537d66df6058c67490964e4c26074c2b866a09f68c66802fa8
openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:61469597337545ea8da0d15b8793ac608830aff794a2920670809e009b9a3112
openshift4/ose-local-storage-mustgather-rhel8@sha256:d5a2282f02717eaedf45fbecc24192288ca2aafa56bd9b39f95cb48f8ce4640d
openshift4/ose-local-storage-operator@sha256:cb6602075162caa28ceff233483f4377dfc6bf4c58d0fc8a0bc8d14063292220
openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:2560ca8c8ddd3def506007b6d26ea90bb7107a1287b93598588ad3506acfa827

x86_64

openshift4/cloud-event-proxy-rhel8@sha256:2ff6da9424c1becae9a60a96645ce46c57378cefa2c628a7123783351365a0d3
openshift4/ose-cloud-event-proxy-rhel8@sha256:2ff6da9424c1becae9a60a96645ce46c57378cefa2c628a7123783351365a0d3
openshift4/frr-rhel9@sha256:3d7fb8cabdbe4aac3f286db9b62de76259a31e3595cb9d8a6da6477784878b3d
openshift4/kubernetes-nmstate-rhel9-operator@sha256:ec5188a693729b006fbf9feb566f28fd49dfe63cbb846821c0b60710488177d8
openshift4/metallb-rhel9-operator@sha256:8a740b0a804b966d27a1ea64a7b978af30aaada1272bb868bb53c54a5e422ac8
openshift4/nmstate-console-plugin-rhel8@sha256:315ca8ca41231fadee157a98a6bb5aaa0f061444f33b48863c3ffda9e90dd5e6
openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:37aa6367bb85d2262aa1bdfc230d398069193b83e9c40f417ce2efae4603abbd
openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:dae98509fe6c22f1667afde0a8f2a6cdea3094e2b41136f2d8ccb26c29a8a52c
openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:ac2fbe2398cb87ffb8da61976be31d878dd4bafb4deec87209eba07ac336a2c2
openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:6c5cb160c3e57333e4d64ce2691831f5b4b08df2fbabf86bad99d883641b0791
openshift4/ose-local-storage-mustgather-rhel8@sha256:42c876fed0163924f7dd455fdb6cc2485d7cd2a573528d8f73afb6cebcf18f9d
openshift4/ose-local-storage-operator@sha256:21ec94db294b9bc9f80d6f4162ea6ab0567952289b66a124f38517bd7aecda59
openshift4/ose-ptp-operator@sha256:ad26a89ac85f646743dc8a28882ba946acb28793d8f18d484e6438dbd63ca964
openshift4/ose-ptp-rhel9@sha256:a6481e90784246b9576c05c8669cc85c9028b6f2b82545778a11a3c7b8e6cafd
openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:ae0ddaeaa9b984af9bc06699a63c5b59bdb43428a64e561e1e197bfa43404333
openshift4/ose-sriov-network-config-daemon@sha256:adf4cf2a854fa38b7c72d2f15f0ba1bad77840288df95461e44b67db6dd594e2
openshift4/ose-sriov-network-operator@sha256:1814bfcf3f994142448e0db3ae296739c1cf2e934097880ccbfb5f298c1b1896
openshift4/ose-sriov-network-webhook@sha256:e29ab4b23dfc9811a09a7e82c862cc411afa870769c8933502354e786a8a6f2c
openshift4/ptp-must-gather-rhel8@sha256:25ec5596d6c24ce1e688aa55a2f1d415a8ad8aa7cc2d337d2d3566f2d86c2e37

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.