Red Hat Product Errata RHSA-2024:9618 - Security Advisory
Issued:
2024-11-20
Updated:
2024-11-20

RHSA-2024:9618 - Security Advisory

Synopsis

Important: OpenShift Container Platform 4.16.23 packages and security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Red Hat OpenShift Container Platform release 4.16.23 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.16.23. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:9615

Security Fix(es):

  • waitress: python-waitress: request processing race condition in HTTP

pipelining with invalid first request (CVE-2024-49768)

  • waitress: Waitress has a denial of service leading to high CPU

usage/resource exhaustion (CVE-2024-49769)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution

For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Affected Products

  • Red Hat OpenShift Container Platform 4.16 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.16 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.16 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.16 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.16 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.16 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.16 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.16 for RHEL 8 aarch64

Fixes

  • BZ - 2322460 - CVE-2024-49768 waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
  • BZ - 2322461 - CVE-2024-49769 waitress: Waitress has a denial of service leading to high CPU usage/resource exhaustion

Red Hat OpenShift Container Platform 4.16 for RHEL 9

SRPM
kata-containers-3.7.0-4.rhaos4.16.el9.src.rpm SHA-256: c72fe340e328771fc554958384b89b5071a85ec527a8a92dd670830ff0c28952
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.src.rpm SHA-256: b212948cc59dbff8242426a3f4bd32c8346fc0075ed87b3606c2316c764ef0a8
x86_64
kata-containers-3.7.0-4.rhaos4.16.el9.x86_64.rpm SHA-256: f24091afdd763e06e78dbe977a35efa7d29517f0dcc6dcca461e770eba948229
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.x86_64.rpm SHA-256: 543fc4d1b24b32e99441633959ecb50f7fc889047184a4274cf426c8620c6a0b
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.x86_64.rpm SHA-256: 30262d2761ff9f8f46de414bd4d883b7b7a78c30c081ba9c54a4a84fdf45ec40
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.x86_64.rpm SHA-256: d13ba57b735142a8fecafddbcd0c8cf3d2038113698782852fce9d7cbcc8b608
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.x86_64.rpm SHA-256: 6dfbad460e8be162e3d2699be7681e512831097b9d9e17afc43d03ba73e59df3
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.x86_64.rpm SHA-256: 180d3f2b637314fa68a2295fb9b7a45f506619b5a71cde9e77d47d98bb26fba3

Red Hat OpenShift Container Platform 4.16 for RHEL 8

SRPM
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.src.rpm SHA-256: 56c98eeba645894178585be3de5232f6f4bb0260a5c3192811c44b8c6f9ed005
x86_64
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.x86_64.rpm SHA-256: 207b22ead3aefdf032217b246cf9c86bb9662c048af5ecb3f4a5dd1db8e8e172
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.x86_64.rpm SHA-256: fb6425dc0cf8400c883a1f7a987f6f8b913ff832220de4f99777d830b80a8af2
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.x86_64.rpm SHA-256: ca64da74ad21a38825fbeea0b515b0f7c6b1c5f3f09ba565bff1fea1d33a2de8
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.x86_64.rpm SHA-256: e61d2a7795c8fd83c1b4462578cd69a906f83529f6678fcc36ace9586eff49c2
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.x86_64.rpm SHA-256: 924a65363bc94163f3e6a61b5afc5b1bdb65ea93971e123db64cd7c6c2843cfc

Red Hat OpenShift Container Platform for Power 4.16 for RHEL 9

SRPM
kata-containers-3.7.0-4.rhaos4.16.el9.src.rpm SHA-256: c72fe340e328771fc554958384b89b5071a85ec527a8a92dd670830ff0c28952
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.src.rpm SHA-256: b212948cc59dbff8242426a3f4bd32c8346fc0075ed87b3606c2316c764ef0a8
ppc64le
kata-containers-3.7.0-4.rhaos4.16.el9.ppc64le.rpm SHA-256: dc16e581dbdde754c09d047f5e4ad070143090fc681b79b45ee2566f6bc05a6d
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.ppc64le.rpm SHA-256: 2a2b973846602b05e363d8beea277f3b5a3c9e16ff139410276967e5a64b2aa2
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.ppc64le.rpm SHA-256: 486f307d53e642fe90894ef6869ac028fb32656f9e38c07666030816ae85de93
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.ppc64le.rpm SHA-256: f644155af26daf7e608815048b1981c501fd54c291e32a0e85674da3552e1cb6
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.ppc64le.rpm SHA-256: 340b0e368e4dd79cbd3bfbe03c025342b46d4a400bae9f8502bdc120629b6788
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.ppc64le.rpm SHA-256: 5f2bf191bf94cbc848f0bce01990b079c75d067c6b410f9492fbd6565681972f

Red Hat OpenShift Container Platform for Power 4.16 for RHEL 8

SRPM
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.src.rpm SHA-256: 56c98eeba645894178585be3de5232f6f4bb0260a5c3192811c44b8c6f9ed005
ppc64le
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.ppc64le.rpm SHA-256: f9f1485e4bc78192061e23cc6db4bf785fd2b12aa222c8fc98f0589add0c0dcd
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.ppc64le.rpm SHA-256: a00f213a67bb2d63c41b571c414fa8ed8bca4f483c04808286eb1cda9d74ad89
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.ppc64le.rpm SHA-256: 794e300f4ac9374518539dd246c3fbb5d3f1456fba97bcf0369186e77a0e97d0
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.ppc64le.rpm SHA-256: e62c82524877fd089030f15d36d93ceb517f739a69f507f908797aa824161a9f
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.ppc64le.rpm SHA-256: 63f52c451188fcad78d2b726e2d8a276a90a1e705c7b072018c107bf9ee0ef23

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.16 for RHEL 9

SRPM
kata-containers-3.7.0-4.rhaos4.16.el9.src.rpm SHA-256: c72fe340e328771fc554958384b89b5071a85ec527a8a92dd670830ff0c28952
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.src.rpm SHA-256: b212948cc59dbff8242426a3f4bd32c8346fc0075ed87b3606c2316c764ef0a8
s390x
kata-containers-3.7.0-4.rhaos4.16.el9.s390x.rpm SHA-256: 23b16e271186a500cc67f05cabca06fa796fd70a3443a84a8d72047c25a66186
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.s390x.rpm SHA-256: 1d201f32f1d93b55725a2d9528568484ea092682f868af9067fe9a1e2c947e9e
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.s390x.rpm SHA-256: cd30158db75a29047b6105828954719ff197d5eeca5b116a4dc1e37aa39979c4
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.s390x.rpm SHA-256: 93f849ce38c90b16e9a2f863975d3657fa3fe6c06a90497ad265f5377792eed3
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.s390x.rpm SHA-256: 5df1a6ab16877deb3230367b4b24911ca6ec6c9fbaf64ffd671d3c9d1368c8ec
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.s390x.rpm SHA-256: 8e3533974879b010a527f7cb36941a5e23ca95b8212515e481767e399591c8a9

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.16 for RHEL 8

SRPM
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.src.rpm SHA-256: 56c98eeba645894178585be3de5232f6f4bb0260a5c3192811c44b8c6f9ed005
s390x
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.s390x.rpm SHA-256: 1c9682e193e27724706bd3f0cc1de5cb4b39b42cff97db2807387f5ca819490c
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.s390x.rpm SHA-256: e30575847b42ceadeca931ad472a9b34c608454ed67329fc3ae9c8d0502e74bb
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.s390x.rpm SHA-256: 03d322b634f36676a9b42234fa41223bc4d124a9984b6ccebb7af9daa850b937
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.s390x.rpm SHA-256: 7a945a2aa915db20517a69f2e78f31e155b659df81bc39e63ed07356db3a7f0c
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.s390x.rpm SHA-256: 53921ae7cc5da9e506538f802fa0eb2c0cad52053943fa3914efb7a049163fb0

Red Hat OpenShift Container Platform for ARM 64 4.16 for RHEL 9

SRPM
kata-containers-3.7.0-4.rhaos4.16.el9.src.rpm SHA-256: c72fe340e328771fc554958384b89b5071a85ec527a8a92dd670830ff0c28952
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.src.rpm SHA-256: b212948cc59dbff8242426a3f4bd32c8346fc0075ed87b3606c2316c764ef0a8
aarch64
kata-containers-3.7.0-4.rhaos4.16.el9.aarch64.rpm SHA-256: f489c713605dfce03d004a65552ec2511b4a5d683ea0ca76a9d2c284fa213eb3
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.aarch64.rpm SHA-256: 3979da86ccb25716aa33e3f00c38a52cb971220cfcbeee7e9aaf41d23483854e
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.aarch64.rpm SHA-256: 76c35ae06f4e801f923f0a43f63decddb7ee890dcdcf378304b3122f63e213bb
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.aarch64.rpm SHA-256: b286e69d4afdd226dded3efe4a2ed8a3370dcaa461e914796ee7bad68d610ed3
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.aarch64.rpm SHA-256: 3a01d06beee81e214f36a17c347b0bcf73b936ccf2a98edb6bc995a2b8f871b2
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el9.aarch64.rpm SHA-256: 85da5b770210934f14460bceae2b1fb6365b68cf1d87a6e8957c24629bdfa878

Red Hat OpenShift Container Platform for ARM 64 4.16 for RHEL 8

SRPM
openshift-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.src.rpm SHA-256: 56c98eeba645894178585be3de5232f6f4bb0260a5c3192811c44b8c6f9ed005
aarch64
openshift-hyperkube-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.aarch64.rpm SHA-256: e581f198aedcb78f9e05c82a9673e3eeb76e32dcdae7c7dfb7e9ffbafe7813db
openshift-kube-apiserver-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.aarch64.rpm SHA-256: 0182aee7e5d0d297caf8339d5dc10f8a6cd59c82a4e3d16e71dad57ef7821825
openshift-kube-controller-manager-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.aarch64.rpm SHA-256: 9b9a32e2d6f48df8e4860c98e1dc01fb0a142a3c423d0f7ee7fe6971945296ae
openshift-kube-scheduler-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.aarch64.rpm SHA-256: e609e69146d5a607d36f937c4903460221664bbef0889a7e5e92e994f6dc9122
openshift-kubelet-4.16.0-202411111337.p0.g7423cac.assembly.stream.el8.aarch64.rpm SHA-256: 46a3c835a98ab2b38bb032a2849fda18ed16001168a7a50a9fbddb724383fce0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.