Red Hat Product Errata RHSA-2024:5810 - Security Advisory
Issued:
2024-08-29
Updated:
2024-08-29

RHSA-2024:5810 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.12.64 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.12.64 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.64. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:5808

Security Fix(es):

  • python-werkzeug: user may execute code on a developer's machine

(CVE-2024-34069)

  • golang: net/http: memory exhaustion in Request.ParseMultipartForm

(CVE-2023-45290)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

  • BZ - 2268017 - CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
  • BZ - 2279451 - CVE-2024-34069 python-werkzeug: user may execute code on a developer's machine

Red Hat OpenShift Container Platform 4.12 for RHEL 9

SRPM
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.src.rpm SHA-256: bdac8cf84be5d9e9e1d372abbaa209a1c79a93e730ba194f8ce6746c74d058b2
python-jinja2-3.0.1-3.el9.1.src.rpm SHA-256: ea5e43beb72ec48360376b683abc602b04d1e69e35007cd6c9d278fd32c4b0b2
python-werkzeug-2.0.3-6.el9.src.rpm SHA-256: 4c7942946427f90baef73c52c29e8d25a7b7284bab41a0d79dd6a7934b8a92b3
x86_64
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.x86_64.rpm SHA-256: 5e787d1695859bdccfa7a8c26372d6597ff9efbf8b75a720ba9dfc60df5b31a1
python3-jinja2-3.0.1-3.el9.1.noarch.rpm SHA-256: 84fd3a6ad264cb620e3b90d8668a89651561f4a01b28dd42b913c0db6c0a0976
python3-werkzeug-2.0.3-6.el9.noarch.rpm SHA-256: e0e13aed853d2deeaf419cdfc5faa42466f819d3b46a3848f9b671601dbf9fcd

Red Hat OpenShift Container Platform 4.12 for RHEL 8

SRPM
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.src.rpm SHA-256: c2b1d897a40b3e06c604469e2c87ac805031dd8218e30f313a8e0f3dc870f8e5
kernel-rt-4.18.0-372.119.1.rt7.279.el8_6.src.rpm SHA-256: 1b238bccdb18d21efd10a1f28ac8deecde1544e58dc9a911d1071fe833450534
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.src.rpm SHA-256: 7f7ee7686d8bb509ea82966fc06b9bead53f64c160d6d2bc940f6813516a97d1
x86_64
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.x86_64.rpm SHA-256: 586fa9becb359ae04362ae68c4a7618f720998b888f046d4abce76fd9955903d
cri-o-debuginfo-1.25.5-26.rhaos4.12.git635413a.el8.x86_64.rpm SHA-256: 5be6f1bfacd5f13bd354754c37cec0469b2c0264220e78e38ba90f5276ce299b
cri-o-debugsource-1.25.5-26.rhaos4.12.git635413a.el8.x86_64.rpm SHA-256: dd2b57c3a83cf16046b2bf1f62c10519454f06aedef432529f221c4aaf4fdb94
kernel-rt-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: b512b5332ea3e7657a80bb6c4ec4467e28b01678eed6b3754735209c5b9b83a9
kernel-rt-core-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 885f8da06222d6f0d12515f34d19ef97514385631df3ec7f90e4ac05831b8680
kernel-rt-debug-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: f9d5c06971221550f605cb50b00c38774a7e2c85fdb6d055ddf50cbb36b5507f
kernel-rt-debug-core-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 33999de4feab2f78c4294b4be3b5507668f6d1a6bfc5545e8ea08b66e5d849fd
kernel-rt-debug-debuginfo-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 55d1493437a26ff8347432868bfb026f17d7078bb7e1edde50e2b65e98a1b9d4
kernel-rt-debug-devel-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 3259338b279c358e8ec0b10f90afeb12eb35f949fd9a43fbaf1674cfb752447b
kernel-rt-debug-kvm-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: cbbca48f4c153a8ed77a75b407decfe3810f302059f2217adc4128da540502db
kernel-rt-debug-modules-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 4e1ac31f0c78f00632ab37f343a4b8ddfcb076413d9a489e32a8d0838fe53d3d
kernel-rt-debug-modules-extra-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 2148cc613446f845d6fdedb8de29a13391ef3468225ebd14e8c40bc40a4c0097
kernel-rt-debug-modules-internal-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: b6eac0787a617c6f9632a3763e688715dff3b416effd901f0c13d515a3e37d58
kernel-rt-debuginfo-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 95a971c43ba30810880b51032cd7a9f1fb7a5ebe8e7f9e64ca52dda3dc0ca511
kernel-rt-debuginfo-common-x86_64-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 9d34520bbe057ff70f357c296888b343e31cd9e5809577dfae07f83cbad1f4fa
kernel-rt-devel-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: ebce3e0076a2b2b1d26001a556cec44c0e0c28d50050d590fa5baac26e4e6b65
kernel-rt-kvm-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: c77bcecb58393a9d5dc6a4f1e2e10e67fa847fbf7d2f63d23947a46f703100a4
kernel-rt-modules-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: dd3f7070448bca9cceba0d58caae50714319e9614dfd8438b4c262f42b13f00d
kernel-rt-modules-extra-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 3247b8d7e6ec377534a6465c85a0925541f716886ce8819c48d8ec9c7f8168d3
kernel-rt-modules-internal-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 5e0782907521f0c060424f78864aa29df9b5ebd1b3f9ba47a991525e2910c988
kernel-rt-selftests-internal-4.18.0-372.119.1.rt7.279.el8_6.x86_64.rpm SHA-256: 6a2f5f06f16ad7861570d56d296981f4f5cbbfdd142cf0570e3a6bfab86fc7d6
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.x86_64.rpm SHA-256: ee96387cd2a565e76c1986b7cb1af52fefc9889f4d58ca9fbf436ef4b329f063

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9

SRPM
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.src.rpm SHA-256: bdac8cf84be5d9e9e1d372abbaa209a1c79a93e730ba194f8ce6746c74d058b2
python-jinja2-3.0.1-3.el9.1.src.rpm SHA-256: ea5e43beb72ec48360376b683abc602b04d1e69e35007cd6c9d278fd32c4b0b2
python-werkzeug-2.0.3-6.el9.src.rpm SHA-256: 4c7942946427f90baef73c52c29e8d25a7b7284bab41a0d79dd6a7934b8a92b3
ppc64le
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.ppc64le.rpm SHA-256: 487a1ea9c8f16cb202fd509b15bb6ceb8308e18219fc296cdbbe1415bb968836
python3-jinja2-3.0.1-3.el9.1.noarch.rpm SHA-256: 84fd3a6ad264cb620e3b90d8668a89651561f4a01b28dd42b913c0db6c0a0976
python3-werkzeug-2.0.3-6.el9.noarch.rpm SHA-256: e0e13aed853d2deeaf419cdfc5faa42466f819d3b46a3848f9b671601dbf9fcd

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8

SRPM
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.src.rpm SHA-256: c2b1d897a40b3e06c604469e2c87ac805031dd8218e30f313a8e0f3dc870f8e5
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.src.rpm SHA-256: 7f7ee7686d8bb509ea82966fc06b9bead53f64c160d6d2bc940f6813516a97d1
ppc64le
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.ppc64le.rpm SHA-256: d9b0668c4d28f33c299b7deebf47ab15ff1068cb3f90fcbf75cf5710ea9a462e
cri-o-debuginfo-1.25.5-26.rhaos4.12.git635413a.el8.ppc64le.rpm SHA-256: aa803442a08638e12a251fac5549e3286670c6919173b1c185d01a861e7f4126
cri-o-debugsource-1.25.5-26.rhaos4.12.git635413a.el8.ppc64le.rpm SHA-256: 121ee3dafcc5a9a74be0aea0c6e68955c7f9e2ff4bb90ad4648cf64f97d5e0f0
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.ppc64le.rpm SHA-256: c916c8da571149289426ab85a94258eaa09c221945a06ff212e17aa6f7b1fdf0

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9

SRPM
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.src.rpm SHA-256: bdac8cf84be5d9e9e1d372abbaa209a1c79a93e730ba194f8ce6746c74d058b2
python-jinja2-3.0.1-3.el9.1.src.rpm SHA-256: ea5e43beb72ec48360376b683abc602b04d1e69e35007cd6c9d278fd32c4b0b2
python-werkzeug-2.0.3-6.el9.src.rpm SHA-256: 4c7942946427f90baef73c52c29e8d25a7b7284bab41a0d79dd6a7934b8a92b3
s390x
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.s390x.rpm SHA-256: 2207eec5c891ece7a3e7f931dc7bd789c2e587d854d3e94ba3ee29a20887fb39
python3-jinja2-3.0.1-3.el9.1.noarch.rpm SHA-256: 84fd3a6ad264cb620e3b90d8668a89651561f4a01b28dd42b913c0db6c0a0976
python3-werkzeug-2.0.3-6.el9.noarch.rpm SHA-256: e0e13aed853d2deeaf419cdfc5faa42466f819d3b46a3848f9b671601dbf9fcd

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8

SRPM
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.src.rpm SHA-256: c2b1d897a40b3e06c604469e2c87ac805031dd8218e30f313a8e0f3dc870f8e5
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.src.rpm SHA-256: 7f7ee7686d8bb509ea82966fc06b9bead53f64c160d6d2bc940f6813516a97d1
s390x
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.s390x.rpm SHA-256: 65a2d4cab22e99915ebff4d3cc5233a4ae74ad43f06e016e31157454820e548e
cri-o-debuginfo-1.25.5-26.rhaos4.12.git635413a.el8.s390x.rpm SHA-256: d63c2ee7899beb2639d99f32292766e41e046b031f29c542a725388ef8062acd
cri-o-debugsource-1.25.5-26.rhaos4.12.git635413a.el8.s390x.rpm SHA-256: f14385268e87ded84fad128684c366382ec0196829e9a593307d56f110834955
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.s390x.rpm SHA-256: b1987064bdabf107e98dd7236e38e2ed5901569d86fa3dd2cc2d5e1bab5eae20

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9

SRPM
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.src.rpm SHA-256: bdac8cf84be5d9e9e1d372abbaa209a1c79a93e730ba194f8ce6746c74d058b2
python-jinja2-3.0.1-3.el9.1.src.rpm SHA-256: ea5e43beb72ec48360376b683abc602b04d1e69e35007cd6c9d278fd32c4b0b2
python-werkzeug-2.0.3-6.el9.src.rpm SHA-256: 4c7942946427f90baef73c52c29e8d25a7b7284bab41a0d79dd6a7934b8a92b3
aarch64
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el9.aarch64.rpm SHA-256: df78743fac8a64402eab7334f192af80d25ce60b546252efb45d612da0901c50
python3-jinja2-3.0.1-3.el9.1.noarch.rpm SHA-256: 84fd3a6ad264cb620e3b90d8668a89651561f4a01b28dd42b913c0db6c0a0976
python3-werkzeug-2.0.3-6.el9.noarch.rpm SHA-256: e0e13aed853d2deeaf419cdfc5faa42466f819d3b46a3848f9b671601dbf9fcd

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8

SRPM
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.src.rpm SHA-256: c2b1d897a40b3e06c604469e2c87ac805031dd8218e30f313a8e0f3dc870f8e5
kernel-rt-4.18.0-372.119.1.rt7.279.el8_6.src.rpm SHA-256: 1b238bccdb18d21efd10a1f28ac8deecde1544e58dc9a911d1071fe833450534
openshift-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.src.rpm SHA-256: 7f7ee7686d8bb509ea82966fc06b9bead53f64c160d6d2bc940f6813516a97d1
aarch64
cri-o-1.25.5-26.rhaos4.12.git635413a.el8.aarch64.rpm SHA-256: 853cf97284beb31c8ce2f6309e87cb327c309a8d69e33307e4d6b62088d5131e
cri-o-debuginfo-1.25.5-26.rhaos4.12.git635413a.el8.aarch64.rpm SHA-256: d322ad9501642959b6e09ac85a0c9acb96bad77b1bc922d1c86d53af9a9665ff
cri-o-debugsource-1.25.5-26.rhaos4.12.git635413a.el8.aarch64.rpm SHA-256: 489d71572bfda68adf38a85afa461cb37683ce3ed0bc7a63bc8819e66fae0ec3
openshift-hyperkube-4.12.0-202408131833.p0.g1eb8682.assembly.stream.el8.aarch64.rpm SHA-256: 7b4ca3170d5fc9d7b14f4c995d86c467db2d920c74004917eef92b4f0a004128

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.