Red Hat Product Errata RHSA-2024:6755 - Security Advisory
Issued:
2024-09-18
Updated:
2024-09-18

RHSA-2024:6755 - Security Advisory

Synopsis

Important: Red Hat OpenShift Data Foundation 4.16.2 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.2 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an
S3 compatible API.

Bug fixes:

  • Previously, when the label on the node was empty, the mount would fail. With this fix, when the node label is empty, the node is not considered for `crush_location` mount option and as a result persistent volume claim (PVC) mounts successfully. (BZ#2303177)
  • Previously, after the OpenShift Data Foundation upgrade, the backingstore was stuck with "Connecting" status. With this fix, the location of the `upgrade_bucket_policy` script is corrected. (BZ#2303414)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 9 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64

Fixes

  • BZ - 2266006 - [RDR] [Hub recovery][4.16 clone] [Neutral] With passive hub, sync stops for all rbd and cephfs workloads, rgw on one of the managed clusters goes down
  • BZ - 2268820 - CVE-2024-28176 jose: resource exhaustion
  • BZ - 2270863 - CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
  • BZ - 2290526 - [Tracker ACM-12001] [RDR] VolSync - rsync-tls fails to sync when there are too many files in the root of the source PVC
  • BZ - 2290675 - [RDR] The Disaster Recovery web console page (All Clusters -> Data Services -> Disaster Recovery) is not opening and throws an error most of the time.
  • BZ - 2292668 - CVE-2024-24789 golang: archive/zip: Incorrect handling of certain ZIP files
  • BZ - 2292777 - CVE-2024-37890 nodejs-ws: denial of service when handling a request with many HTTP headers
  • BZ - 2293200 - CVE-2024-28863 node-tar: denial of service while parsing a tar file due to lack of folders depth validation
  • BZ - 2294000 - CVE-2024-6104 go-retryablehttp: url might write sensitive information to log file
  • BZ - 2300022 - [ODF 4.16][UI] Ceph storage pool created with pg_num and pgp_num 1; osd_pool_default_pg_num is 32, must set deviceClass on all pools
  • BZ - 2300289 - ocs-client-op should deploy webhook and intercept subscription changes only when managing CSI
  • BZ - 2300332 - [ODF 4.16] [UI] Hide "builtin-mgr" block pool CR
  • BZ - 2300499 - CVE-2024-41818 fast-xml-parser: ReDOS at currency parsing in currency.js
  • BZ - 2303177 - after upgrade from 4.15.15 to 4.15.18 image registry pods are stuck at ?container creating?
  • BZ - 2303414 - [Backport to 4.16.z] Backingstore Stuck "Connecting" post ODF v4.15 Upgrade - INVALID_SCHEMA_REPLY SERVER system_api#/methods/read_system
  • BZ - 2304074 - remove client-op deployed subscription webhook before it is scaled down by odf-op
  • BZ - 2309710 - CVE-2024-8421 golang.org/x/net/http2: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)
  • BZ - 2310210 - [QA Only] Qualify RHCS-6.1z7 with ODF-4.16.2 in the External Mode

aarch64

odf4/mcg-core-rhel9@sha256:9525321c9555ceb005a6d38c7b40b429875454d5770da138cf5aa6b1c9b36d74
odf4/mcg-rhel9-operator@sha256:4960d9c4d370a301cbd44ca1747018678b1141bf44d5eec390f7dece2cef8c07
odf4/ocs-client-rhel9-operator@sha256:19e503d397bd79d0322789b023ce7fdd6f5c8e3ce077a7b2e290f88fbb084b59
odf4/ocs-rhel9-operator@sha256:e36599677da7ad32a6a858b2855e964bb1592a3525d2e4a66186da9aeb19e112
odf4/odf-cli-rhel9@sha256:40280944fd426e2f8306423c2960ab13420096829368a1ec80c27aa085fb0872
odf4/odf-csi-addons-rhel9-operator@sha256:0019ffcc0aab7107c0e1fd2a96816dcc72bd9458607217611df54b26195c1a11
odf4/odf-csi-addons-sidecar-rhel9@sha256:a16e36499b44256938d61bbf9cdd0110482f3199126cd4567a5604894bec08bd
odf4/odf-multicluster-rhel9-operator@sha256:d037fb2187e9308d6b382c26eb6abf63032d4d5af19300016e7aae801d121841
odf4/odf-must-gather-rhel9@sha256:0a12102e242f8394dd9a5e6ecdb6891bae232bf5a296c5f5f5f5eb6fdf56b777
odf4/odf-rhel9-operator@sha256:606d9e8c7a45297497fa30e8e6f506d317eb20a8e8e64bb1646f1a0e9d0d06b1
odf4/odr-rhel9-operator@sha256:b1241bbc12951a4da2b9c57248485b27b651784d4e0f1e93d32c13c626dc3a75

ppc64le

odf4/cephcsi-rhel9@sha256:80d2812e1d0552f98cdb5095229cb904ea38c9b7523433ec14a04309fee65bbe
odf4/mcg-core-rhel9@sha256:2a6eb645330b2dc345361bfd58cfec277865f9020388c2b0b16822660a6c3239
odf4/mcg-operator-bundle@sha256:ff42a4a6faa413d5313a375131a9da1af2aab2d6197f1a3317f733811c37f0dc
odf4/mcg-rhel9-operator@sha256:b09fcf50c81e27fca918134a4157838645c554a809cb8eb44593770d09c40288
odf4/ocs-client-console-rhel9@sha256:e4b92ae33787a1a666b86f0657e756b35665b0761a6ada7046a01ec7a4fc2387
odf4/ocs-client-operator-bundle@sha256:000ca7e39c0b730f00049615555e41e5eb7592dc673f5a866459ed9214a8b6fb
odf4/ocs-client-rhel9-operator@sha256:d0335bdb39ba92e2dfd5012c01c4e0716af473190612cf456e6b2b36c5b805f9
odf4/ocs-metrics-exporter-rhel9@sha256:ad227c3ed05ed0783b5633e69f2791c12bc53a72f1af79c55a714d48222ca852
odf4/ocs-operator-bundle@sha256:335daf33b13e5b116d6f15f106d50705a179dd15820da1a0dd88d8ba02cf07d7
odf4/ocs-rhel9-operator@sha256:ca8cca14c379dfaeece1537c1e2cd7c79c42904056f7efdf0768a4f6ce2068c3
odf4/odf-cli-rhel9@sha256:833e1f221e420b28b09c2f9f2ad5e626e20bbf85b289e4cb2f10cd32cf88cd32
odf4/odf-console-rhel9@sha256:240f02cfd3c5e09a0b04904dd0b02b04c39362b7439607e3bc4be5bcffd2ab28
odf4/odf-cosi-sidecar-rhel9@sha256:8b3fc79725c3af0e518346bbfce369047c7afdb0cacc46d79d3e03552b3794de
odf4/odf-csi-addons-operator-bundle@sha256:e66969a311b56573a7f6ea15829d37105aab284f76add449c78617671998ec5b
odf4/odf-csi-addons-rhel9-operator@sha256:bab50d15899d1bfa99e23749ddd4163b1dba90a8120ce310cf12f76b12f796f4
odf4/odf-csi-addons-sidecar-rhel9@sha256:ef079306680b1a982c5da069febab49efa508def25add29bf74e2abfc3848549
odf4/odf-multicluster-console-rhel9@sha256:7a0145f859c92e21c4d58f745bdce763f788fd9e7e6e68b34e03aa30805a63f4
odf4/odf-multicluster-operator-bundle@sha256:8b434897f689f9deb4b68908da3b586ec85a0ddc28743e127544bd9eacd469ec
odf4/odf-multicluster-rhel9-operator@sha256:d2085b89dec07afef002d93f3c13808589ce911bd62b20a3139a3351a86f6423
odf4/odf-must-gather-rhel9@sha256:a9ec56182b7545961e8c79e40626b2dd3a1d2c9121acd983668f5a8c237c8686
odf4/odf-operator-bundle@sha256:13f99a2bac4636b9ead56f8971af1a54707ada6dcd856133de3c886745067e2d
odf4/odf-prometheus-operator-bundle@sha256:b467df73f3b69e6f9dc3b917564959b0c43033fb469aa852696df1dd82c013a4
odf4/odf-rhel9-operator@sha256:09d7bfcd1acb49aa33ecc9aea5064c6b0e1267b8fe31ba8203f7fd0664be3eed
odf4/odr-cluster-operator-bundle@sha256:b3d1bd8a61bb74a169e2e95788302f2d155bc3568f37bc6c0b7128a0d9725320
odf4/odr-hub-operator-bundle@sha256:78c66f8339aa72b249551465e771ff2fed6b80ff9a3d59225f7c3053f8ba5894
odf4/odr-recipe-operator-bundle@sha256:142ea2554c33e5cc06ed6ef08ed1c3027f2b1c35ac028dec3e501a9c6540e44b
odf4/odr-rhel9-operator@sha256:73ac6d6ff8eaff43f5ffb97d36f6ea6f81a95ae50eb2bfcf17b7ebd0b85feb84
odf4/rook-ceph-operator-bundle@sha256:3007832d1858d62cc1743fd0991054ed1679ffc4e6a94484c372d859cff6f7ac
odf4/rook-ceph-rhel9-operator@sha256:61015102d7fbc08fa15f2438428e58f8f6b0f7d127117b9c649ae7906fabc0fc

s390x

odf4/cephcsi-rhel9@sha256:1855a0b57e087edfd1d1c1345de2422f5cbb57d8cd684bcc467676967988b93c
odf4/mcg-core-rhel9@sha256:f4c4681f7cfacae5dbbe4bb54b095813a8991a9fbf681c17794834064065a526
odf4/mcg-operator-bundle@sha256:d7c2bc78aace609338662cccae23ac48e591464232ebd0b7bb540417281c6569
odf4/mcg-rhel9-operator@sha256:2b62fe6cf2ee2f076d5917216509f0edda8dea1b34dae19bbaffb93a30ac8c32
odf4/ocs-client-console-rhel9@sha256:5cb62277759ce0b63ee6c37a5c5379d72fe50548a616de86f2b198f068362b73
odf4/ocs-client-operator-bundle@sha256:8c29a95e5ad2931245c6a69848b6060fe1921061144ecdc184840aaba5e32309
odf4/ocs-client-rhel9-operator@sha256:44168a481eb3f08339918d34fe651f9de4b77a68de493513a2392532ad847304
odf4/ocs-metrics-exporter-rhel9@sha256:e71b2b760cc0090920f2881eae49ac78ca9c374e493fa1a4095985e3a27d4187
odf4/ocs-operator-bundle@sha256:9a3fcbda671d1651c2a1829d878c29d7de526217f903719e766fec7bf8330e1a
odf4/ocs-rhel9-operator@sha256:a98821c2a60d181f48b234bccf8f4f772683159d48d600caa37008d9495a37d8
odf4/odf-cli-rhel9@sha256:09a46522364d4f5c62e476a2083cdc928119e2036c1c5aa1884d567e48944ee0
odf4/odf-console-rhel9@sha256:3a7205aed26a1954d508afe716e42c9b75ec8f48c6acc6c4dd97d44d5727ed53
odf4/odf-cosi-sidecar-rhel9@sha256:505b143407fe7db716f731269afa2bc579a87eedbda05241ab21693f02d5b116
odf4/odf-csi-addons-operator-bundle@sha256:c86dcb5c4eb87d91c191294a15092397674a884c386fc74b9aa4b22c816923c5
odf4/odf-csi-addons-rhel9-operator@sha256:0b60a9c6bf9da9021ba39cb6b0e6d2209500c4c16c2d071df88baaedb28574f8
odf4/odf-csi-addons-sidecar-rhel9@sha256:d1480aa6c2f3c88fbbce798ca53d1050aad2726ef0e502eec22d433be229f904
odf4/odf-multicluster-console-rhel9@sha256:dd3a62203f32795705e66a7dfb9b64f06a8b25e34fcdb22562f77bdf24e273e0
odf4/odf-multicluster-operator-bundle@sha256:935bc7296c21ed82d1f75c2aaa228a2451e5e339989b95b431d5fbf4dc01dd4a
odf4/odf-multicluster-rhel9-operator@sha256:ea923c20fea9be0a0fabf22e552045e791bd22f70256a31c25577c9a106358c7
odf4/odf-must-gather-rhel9@sha256:e2010c337c85955e6c476b707f0b2700e8b8f4ea280f6b45b84db058a31752b7
odf4/odf-operator-bundle@sha256:7b2356a53199fbe6202bdedd1458a4523d348f5b942cbabd622fb3ad8ff34ba9
odf4/odf-prometheus-operator-bundle@sha256:d870646f3baf49a5e5003197e508ab2d6a05514f12695ebe3f7d1cc25bf5db1a
odf4/odf-rhel9-operator@sha256:7f93eba832531f0750c7b6cc8e88513ef2940e17915c260a5f19999f7ea87bc6
odf4/odr-cluster-operator-bundle@sha256:a67045fa2ad8333f8fe8bba60f8116c67f8a112d8ef65145f1c6abb1c7920c83
odf4/odr-hub-operator-bundle@sha256:96463b6b00598d68f5492eac37284607ba29a335e6114b9e53f483aab31de4f5
odf4/odr-recipe-operator-bundle@sha256:cfb5a9b87af42f71c3bac4b361fd416c2e88f4749130d388725da946b31f4a5f
odf4/odr-rhel9-operator@sha256:9d5fd0aa2c6017799fb3fa3d34ba8ff428ec9a59c2f85ad9735722db7375f712
odf4/rook-ceph-operator-bundle@sha256:952670e5ab08a2d5ef3f681e999f63c501680ccbe967c0fa9e4faca1407cbcff
odf4/rook-ceph-rhel9-operator@sha256:b35358150785246c2d9f81fb1af6e9ec26bc53211db772c6d9fc4b302fb99793

x86_64

odf4/cephcsi-rhel9@sha256:5c030da386a9b03e6840a6ab029c02570c95ba06845601724fa167c07e9eb8d7
odf4/mcg-core-rhel9@sha256:10b1d93f122367a248bcaec7f6207679ee037f1898af43f87c4cd20a52977892
odf4/mcg-operator-bundle@sha256:ff2fb273110b075237abbc1d4f3733e4d40b8c8c9732d1297321c30cb1e2b4fa
odf4/mcg-rhel9-operator@sha256:2dc4a48faceb2ccc1f3b33a996044e2a7c5c8d2faae6c229fa3a750135665fdc
odf4/ocs-client-console-rhel9@sha256:8fa8fc3ed821448c787c9ef2a79f0388a0038c11e0f054b7dc57c49fe5fea5e6
odf4/ocs-client-operator-bundle@sha256:8543a33eec1139b26304b51e6a8be642af65582305d17e0942c67fc1df716351
odf4/ocs-client-rhel9-operator@sha256:c4529335349d7c4f71fce929a49ed3a850cfb62029e271f5cc6a3357fa9026a1
odf4/ocs-metrics-exporter-rhel9@sha256:0f8c7c96f43c7cc3af66cf632ee85ec12591d0ff5509cf7d97daefb45fa00cc4
odf4/ocs-operator-bundle@sha256:ab584021248ace4ec2016bc39641d5bd1fa15a8a05fd79bd0877389a5780d896
odf4/ocs-rhel9-operator@sha256:72187ddb6983eb261bd94e281065fc3da0496dd7379ddd5dc332b8028837b1b9
odf4/odf-cli-rhel9@sha256:ee668ea9d1e74c267fcebfe11dd2bdb4757b71eed31baaa6831084da53657b1f
odf4/odf-console-rhel9@sha256:496ac9c127e649e4a2b2ff47b1afe700f3f8a6f393a667761458998f6633e8af
odf4/odf-cosi-sidecar-rhel9@sha256:187e4f15fe5199cd52a6d716c756c5feb34d194daf2967c3d8ed5982417b2e39
odf4/odf-csi-addons-operator-bundle@sha256:7f977486df6d51c1f3c83dedc5b1f74497a16adb8a5d93039b3accd69cb0adce
odf4/odf-csi-addons-rhel9-operator@sha256:c317e8525035a17a53adc0d207737b5a465dc9bb6af2a4873461a8f25b9dcd61
odf4/odf-csi-addons-sidecar-rhel9@sha256:4f3572258fff46563ccc5231c635fc321e9ff21826cfdf55f946ee1ab5c69bfe
odf4/odf-multicluster-console-rhel9@sha256:88809ab7f5be63b0ea6f8ad27a0d34e0894707acc6c549cc5f4339a9328282c3
odf4/odf-multicluster-operator-bundle@sha256:e1e7e8293ecd42f31b4a59b93f79956088b99ee97c37084cc481293e76c19c3f
odf4/odf-multicluster-rhel9-operator@sha256:0312595313ac3318501c0b2bba2a08f64550a9d85c3b67456ca9a383cb905890
odf4/odf-must-gather-rhel9@sha256:c7a24e7a2354a8b43816c78e720d6f60a79124381d2eb68ada71e4a312044741
odf4/odf-operator-bundle@sha256:b7d92e5a2b1f9fe724e0e79a449ef388b327d4e6287bc3d8d8b4b0a3984abae8
odf4/odf-prometheus-operator-bundle@sha256:55bafda483567207fb702cf2271ed63ba30a7a1be0cefc5b3d8689a33da10eb2
odf4/odf-rhel9-operator@sha256:dc1f27c8d2955955f38d18e08b33ce46d3ec5bdfd278e227e4da060e5a7b71c4
odf4/odr-cluster-operator-bundle@sha256:209a9a32355c48f283911bd11e91a43c9606c00096b84bf9219d68490ceb6ffc
odf4/odr-hub-operator-bundle@sha256:62596d599a798f6e8d1e592b1841503e1c3f8e3522d454fe22bef35b0ec05d62
odf4/odr-recipe-operator-bundle@sha256:5c6bb32191c11e2dcf1cffa58dd43358d8179c9c4888e380363e69d99401b9ca
odf4/odr-rhel9-operator@sha256:5d4035cae657f50712d0b205c3adb73bce0b1eedce135067cec82db7acf526b1
odf4/rook-ceph-operator-bundle@sha256:b7d24802bcb24fec3e2aa9ec92e1c588b8d70089d380b4e5ad6ef750e2b093aa
odf4/rook-ceph-rhel9-operator@sha256:ba08fcb7d4b731f65a8f575f82f2926a6742e61844ddf1e14f6de0428bc63828

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.