Red Hat Product Errata RHSA-2024:8238 - Security Advisory
Issued:
2024-10-23
Updated:
2024-10-23

RHSA-2024:8238 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.14.39 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.39. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8235

Security Fix(es):

  • Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in

containers/common Go Library (CVE-2024-9341)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64

Fixes

  • BZ - 2315691 - CVE-2024-9341 Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library

Red Hat OpenShift Container Platform 4.14 for RHEL 8

SRPM
container-selinux-2.228.1-1.rhaos4.14.el8.src.rpm SHA-256: db2b88019598601ab4c13d3d9968f9113d1ecfa14a8fc1ca43065b00ac55591c
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.src.rpm SHA-256: d2167d836c73d3f7ca83f8d28a2878de32667864028712a8589ed24b2c2423ae
x86_64
container-selinux-2.228.1-1.rhaos4.14.el8.noarch.rpm SHA-256: 7e9967282449a3363e6a95467fd06b5eddb87137fff50bebb98fb1eaccb40b29
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.x86_64.rpm SHA-256: 710e060a98f5916de058933150caa657eab92b4d366a3e2dbd214507fa304000
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el8.x86_64.rpm SHA-256: 82105a33ae306cdbfd490c2ad5858877dbb601ed7a482d312485838dccfa614b
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el8.x86_64.rpm SHA-256: 464cd7fdabac4dbacb54b467f04c6f03399b72949eafecc780c4007cedb1c6d1

Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9

SRPM
container-selinux-2.228.1-1.rhaos4.14.el9.src.rpm SHA-256: eaa83ffb6e5377fd67831a9c15acab8453c39d705360766c4eff6e478866b076
cri-o-1.27.8-10.rhaos4.14.git807f92c.el9.src.rpm SHA-256: 64ace1ef21116d15713ee4b0e3e2e7963d21a82d743a1bb792bead550c469b32
ppc64le
container-selinux-2.228.1-1.rhaos4.14.el9.noarch.rpm SHA-256: 74f02bd1694390c03cb2d62e176f2e0b5040d213dcbc14c5735fb97b47a0a785
cri-o-1.27.8-10.rhaos4.14.git807f92c.el9.ppc64le.rpm SHA-256: 21a4596423b91e391d9be6a6b9653e396ea7852e995ca392b342eee702ea7f2a
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el9.ppc64le.rpm SHA-256: c0d02d38d0950801460e5f6063b202b15fe46745a8a1ba05820f29f67c0cd016
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el9.ppc64le.rpm SHA-256: 142f4b9f5de4fde598b49981dda7d1e03950a1d1dba0904418a39a652537a8f1

Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8

SRPM
container-selinux-2.228.1-1.rhaos4.14.el8.src.rpm SHA-256: db2b88019598601ab4c13d3d9968f9113d1ecfa14a8fc1ca43065b00ac55591c
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.src.rpm SHA-256: d2167d836c73d3f7ca83f8d28a2878de32667864028712a8589ed24b2c2423ae
ppc64le
container-selinux-2.228.1-1.rhaos4.14.el8.noarch.rpm SHA-256: 7e9967282449a3363e6a95467fd06b5eddb87137fff50bebb98fb1eaccb40b29
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.ppc64le.rpm SHA-256: 547042f4e098ffa8cf7ce70aca391844e95af67204f3657c727bf709ac7307c1
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el8.ppc64le.rpm SHA-256: 31be1755c9899990dd3858292c5f77592f7ee27c19adb964e8dd4cc865f49e2c
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el8.ppc64le.rpm SHA-256: fe27c0b8f4637c9a8fa9ae33b2faff3f53e16a2184c2c9102ad813a9d29d6d0d

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8

SRPM
container-selinux-2.228.1-1.rhaos4.14.el8.src.rpm SHA-256: db2b88019598601ab4c13d3d9968f9113d1ecfa14a8fc1ca43065b00ac55591c
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.src.rpm SHA-256: d2167d836c73d3f7ca83f8d28a2878de32667864028712a8589ed24b2c2423ae
s390x
container-selinux-2.228.1-1.rhaos4.14.el8.noarch.rpm SHA-256: 7e9967282449a3363e6a95467fd06b5eddb87137fff50bebb98fb1eaccb40b29
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.s390x.rpm SHA-256: 30d81365ca33a593e7c764db1859f700c54f1ab1a26a6b7f8701e42cdd1f2332
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el8.s390x.rpm SHA-256: ddf74bfa41c1b2d1fe1f89ad70a33e9ec613e0156dd5cb494c5af0c5d3fded2b
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el8.s390x.rpm SHA-256: c4298a5e711e2e833af33c72f22e3f307e7ba01fc6a5ac0b1483e4270cd3c5b0

Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9

SRPM
container-selinux-2.228.1-1.rhaos4.14.el9.src.rpm SHA-256: eaa83ffb6e5377fd67831a9c15acab8453c39d705360766c4eff6e478866b076
cri-o-1.27.8-10.rhaos4.14.git807f92c.el9.src.rpm SHA-256: 64ace1ef21116d15713ee4b0e3e2e7963d21a82d743a1bb792bead550c469b32
aarch64
container-selinux-2.228.1-1.rhaos4.14.el9.noarch.rpm SHA-256: 74f02bd1694390c03cb2d62e176f2e0b5040d213dcbc14c5735fb97b47a0a785
cri-o-1.27.8-10.rhaos4.14.git807f92c.el9.aarch64.rpm SHA-256: ffefb1709bf37b96147d570add5ab10e4db05cb0e26173fb888453f707f3d9e6
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el9.aarch64.rpm SHA-256: 9cde1b9bac7edca3b8a39d5f6e44758fbb03e52b4b401ee51a04d7b7f5cc9542
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el9.aarch64.rpm SHA-256: 4e88c3548ae4ede93bba3296b5cfa3ad9340d1ecc26925bbf7bdb25e3c75b270

Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8

SRPM
container-selinux-2.228.1-1.rhaos4.14.el8.src.rpm SHA-256: db2b88019598601ab4c13d3d9968f9113d1ecfa14a8fc1ca43065b00ac55591c
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.src.rpm SHA-256: d2167d836c73d3f7ca83f8d28a2878de32667864028712a8589ed24b2c2423ae
aarch64
container-selinux-2.228.1-1.rhaos4.14.el8.noarch.rpm SHA-256: 7e9967282449a3363e6a95467fd06b5eddb87137fff50bebb98fb1eaccb40b29
cri-o-1.27.8-10.rhaos4.14.git807f92c.el8.aarch64.rpm SHA-256: 788e890c73f40a2fcdfb678b25dc2b3d21e239a8f0f66bdc2aea1bc2f2d2cb58
cri-o-debuginfo-1.27.8-10.rhaos4.14.git807f92c.el8.aarch64.rpm SHA-256: bd8243793200a0b97fe75b302f9b015840efaddee66f6f100d922f05adcfb38b
cri-o-debugsource-1.27.8-10.rhaos4.14.git807f92c.el8.aarch64.rpm SHA-256: c281f9e515e6a5fe418f780c74e51221343065982f3a2e71393499ea98570b5a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.