Red Hat Product Errata RHSA-2024:5754 - Security Advisory
Issued:
2024-08-28
Updated:
2024-08-28

RHSA-2024:5754 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.15.29 packages and security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.15.29 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.29. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2024:5751

Security Fix(es):

  • golang: math/big: uncontrolled memory consumption due to an unhandled

overflow via Rat.SetString (CVE-2022-23772)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.15 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.15 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.15 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.15 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.15 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 8 aarch64

Fixes

  • BZ - 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString

Red Hat OpenShift Container Platform 4.15 for RHEL 9

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.src.rpm SHA-256: 488a8b49dc8ab4b784f3a433030556384eab147feced66354c0dd25adfe7f844
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.src.rpm SHA-256: 8d12c64d6f8dbb3d398d97b52f609162e2dbf76e15d81ae4cae3289dcddaecb4
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.src.rpm SHA-256: 3523d73ad640f70839622e9097db72974a06b53ce12fb15aed26e47fc5a45367
x86_64
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.x86_64.rpm SHA-256: a8ec3cbe596856249c198e979dc475c30471ec7d7158dce0beb5de56d5cc595c
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el9.x86_64.rpm SHA-256: 50b5861c0f400aee3a512426ba8defa7b3c25206661c6ea84ee67b08a4272051
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el9.x86_64.rpm SHA-256: 968939df7dbd29571ad39d60b59396d031164d6d35e427cc6beb0ce40e2ea1bb
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.x86_64.rpm SHA-256: 851e9a0b793f3f25a6f476522c583b3952fd4f662e9b3005617d1f22b7f68a79
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.x86_64.rpm SHA-256: 4798d97730f6bcef9b84cf296091c97ccbc11199d7192a466ffcb05508312690

Red Hat OpenShift Container Platform 4.15 for RHEL 8

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.src.rpm SHA-256: 819085f0139339bc8bbfe3df8c137131e484d9bdde0769a54bf6975cd52caec2
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.src.rpm SHA-256: 7a1572e6578a5be215501a01640501880f175159e6c1e9f34f7b000d0dc75e92
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.src.rpm SHA-256: 0e756310de1111b5a4876b4e94020ce90ede639b3a5d4f9ab4edf1e687561b8d
x86_64
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.x86_64.rpm SHA-256: debee7b5bf2d4e33dc16a2650f8a7eb6e0498841a6122ce1c2b7ed81264dc1ad
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el8.x86_64.rpm SHA-256: ca3a849372b84d58616c3f9dcdf73c382ed64f5f1c387e6cfec3be5ca8b8a2d3
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el8.x86_64.rpm SHA-256: 35ccd926aa62982777ead0e4d28c54ceb89c90096d06ea40bef419478aa5f8f7
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.x86_64.rpm SHA-256: 5617cbe240e612c15a09ae1123cb45c305fdffbef86cc0ca1e3e00359060e904
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.x86_64.rpm SHA-256: 99dd6733ced1f8afd5eb54ba320d06fda7c34b2ce1760d857572c146dd110267

Red Hat OpenShift Container Platform for Power 4.15 for RHEL 9

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.src.rpm SHA-256: 488a8b49dc8ab4b784f3a433030556384eab147feced66354c0dd25adfe7f844
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.src.rpm SHA-256: 8d12c64d6f8dbb3d398d97b52f609162e2dbf76e15d81ae4cae3289dcddaecb4
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.src.rpm SHA-256: 3523d73ad640f70839622e9097db72974a06b53ce12fb15aed26e47fc5a45367
ppc64le
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.ppc64le.rpm SHA-256: ec28f3114808fed34bf668322c88cd2f0fa93ac78f3576c36a6dcb01822239fd
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el9.ppc64le.rpm SHA-256: aa2fde64c22d441a373f952c826b4da302e7bdaabebbd37cbd208ba507af1684
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el9.ppc64le.rpm SHA-256: e66f1067c956a1c5b5e8260586c68978a111f8bf59258b746a8058c68f70f2c8
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.ppc64le.rpm SHA-256: afa019b2cecebc8dd620491e6cb144da0db387b4171aa86bc844424bca795e5e
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.ppc64le.rpm SHA-256: e9dad9799a6994c658cb0aeff67dc99bb8d15e8c9d254a88c6f52fdd65bb4a42

Red Hat OpenShift Container Platform for Power 4.15 for RHEL 8

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.src.rpm SHA-256: 819085f0139339bc8bbfe3df8c137131e484d9bdde0769a54bf6975cd52caec2
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.src.rpm SHA-256: 7a1572e6578a5be215501a01640501880f175159e6c1e9f34f7b000d0dc75e92
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.src.rpm SHA-256: 0e756310de1111b5a4876b4e94020ce90ede639b3a5d4f9ab4edf1e687561b8d
ppc64le
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.ppc64le.rpm SHA-256: 73559c598d73695fc8deb8a51b90749e8d6e620c60bde4c79e8bc5229834da6e
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el8.ppc64le.rpm SHA-256: f309b80ac3bb328d0bb59b3937b66500b0db0cf13359f3c81eba20aa24400bd4
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el8.ppc64le.rpm SHA-256: 6d364437fde575565eb35e6e9ab74528e4ac8df36e07b429d1cce32ea94ce9cb
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.ppc64le.rpm SHA-256: 0f0d23cf774908053045046aef46a2badaae8af02cb131ec9a8b5bde19f9ef3c
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.ppc64le.rpm SHA-256: a95aeac61019b64aee102fdd15f982be6bacd7d611d86dcb769b964790bd286a

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 9

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.src.rpm SHA-256: 488a8b49dc8ab4b784f3a433030556384eab147feced66354c0dd25adfe7f844
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.src.rpm SHA-256: 8d12c64d6f8dbb3d398d97b52f609162e2dbf76e15d81ae4cae3289dcddaecb4
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.src.rpm SHA-256: 3523d73ad640f70839622e9097db72974a06b53ce12fb15aed26e47fc5a45367
s390x
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.s390x.rpm SHA-256: 45c4e521cf1e8288aa8a42629d1ff25d76a0d12401dbf6eacd7052b909a071a5
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el9.s390x.rpm SHA-256: c74bd95bcffe654141184a75398219ffc1640e75588b6fbeb07f3a9ed4d005fb
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el9.s390x.rpm SHA-256: eb0759c54a6296d839e5138eaa0199c6d40faf4172db2ae534dd7d37ed8fd20f
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.s390x.rpm SHA-256: 96ae0f6ad3bb1c1e632f0381e5fab36e15ef05f3260537e2e876d39c0d342df3
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.s390x.rpm SHA-256: 7d221c850376337b096a8ad351abb6e1f4835f2429783889c1194aaab22f30f5

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.15 for RHEL 8

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.src.rpm SHA-256: 819085f0139339bc8bbfe3df8c137131e484d9bdde0769a54bf6975cd52caec2
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.src.rpm SHA-256: 7a1572e6578a5be215501a01640501880f175159e6c1e9f34f7b000d0dc75e92
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.src.rpm SHA-256: 0e756310de1111b5a4876b4e94020ce90ede639b3a5d4f9ab4edf1e687561b8d
s390x
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.s390x.rpm SHA-256: cf261ff118cd60c9ca3c45e97786148153d56fe944e6e38929ac1b708413537f
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el8.s390x.rpm SHA-256: 429e973fff40f2ac345f21977bf2836e7e6300f22539a20fda95094ddb418aca
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el8.s390x.rpm SHA-256: 3503c58d9b5bcf81fc2b3bfbe0596a8c40c3bb6a2cd79fd44b4fea1a739688ec
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.s390x.rpm SHA-256: a83ee899fa959aacb19b79c262436083a590fa6ae5d2a814f12c4652d27744e9
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.s390x.rpm SHA-256: a6501132504acab57d9c98dfe60a7e8c0d75b41ee42effb9378e914211c0d2bc

Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 9

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.src.rpm SHA-256: 488a8b49dc8ab4b784f3a433030556384eab147feced66354c0dd25adfe7f844
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.src.rpm SHA-256: 8d12c64d6f8dbb3d398d97b52f609162e2dbf76e15d81ae4cae3289dcddaecb4
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.src.rpm SHA-256: 3523d73ad640f70839622e9097db72974a06b53ce12fb15aed26e47fc5a45367
aarch64
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el9.aarch64.rpm SHA-256: a4cb2e66a008a4d66e27d7fac8a3965552dc69458d434e80e2cb67767acdfa64
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el9.aarch64.rpm SHA-256: 96c2369e24540aa6b8e45f2ce3010308438531ee59b48855e4ece2b66e16f7dd
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el9.aarch64.rpm SHA-256: c3f2548281c517cf9230fefe099587868ac2c309be4210214cfa5966ad14eaf0
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el9.aarch64.rpm SHA-256: 15bb0ae5e8dbd85df867ba1e7a9eaf4c1d537f66b877e8f46e393893be43d5bd
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el9.aarch64.rpm SHA-256: 4c8f209ba80edd8367fe15ba379a528818996ba98697a748e739bdfda4d20d70

Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 8

SRPM
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.src.rpm SHA-256: 819085f0139339bc8bbfe3df8c137131e484d9bdde0769a54bf6975cd52caec2
openshift-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.src.rpm SHA-256: 7a1572e6578a5be215501a01640501880f175159e6c1e9f34f7b000d0dc75e92
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.src.rpm SHA-256: 0e756310de1111b5a4876b4e94020ce90ede639b3a5d4f9ab4edf1e687561b8d
aarch64
cri-o-1.28.9-6.rhaos4.15.git8429b0b.el8.aarch64.rpm SHA-256: b5dc4275bc5fec9d20b27b7394693a9b6a1266c6d2a6ba102562f3c5d526ae56
cri-o-debuginfo-1.28.9-6.rhaos4.15.git8429b0b.el8.aarch64.rpm SHA-256: 7f558adae7426d66f75ebd75e65ca1250b17962c317929e8e67655eef8e73251
cri-o-debugsource-1.28.9-6.rhaos4.15.git8429b0b.el8.aarch64.rpm SHA-256: 9596442aa388ef78e90b8b982b306b3aeedcc198a858fc18245f4a2df69eab91
openshift-hyperkube-4.15.0-202408131909.p0.gbc3c7c5.assembly.stream.el8.aarch64.rpm SHA-256: fab4ddeebce2f95a361c7110899fed5efc7e0aed22ed02e2d97a392f989a440b
ose-aws-ecr-image-credential-provider-4.15.0-202408200739.p0.gfd77d92.assembly.stream.el8.aarch64.rpm SHA-256: 0e1f091e6a4a14463bf51264c2563873554a2f074c1175634795ba1901406261

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.