(RHSA-2021:4845) Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update

Red Hat OpenShift Container Storage is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform.
Red Hat OpenShift Container Storage is highly scalable, production-grade
persistent storage for stateful applications running in the Red Hat
OpenShift Container Platform. In addition to persistent storage, Red Hat
OpenShift Container Storage provides a multicloud data management service
with an S3 compatible API.

Security Fix(es):

• nodejs-ssh2: Command injection by calling vulnerable method with
  untrusted input (CVE-2020-26301)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Bug Fix(es):

• Previously, when the namespace store target was deleted, no alert was
  sent to the namespace bucket because of an issue in calculating the
  namespace bucket health. With this update, the issue in calculating the
  namespace bucket health is fixed and alerts are triggered as expected.
  (BZ#1993873)

• Previously, the Multicloud Object Gateway (MCG) components performed
  slowly and there was a lot of pressure on the MCG components due to
  non-optimized database queries. With this update the non-optimized
  database queries are fixed which reduces the compute resources and time
  taken for queries. (BZ#2015939)

Red Hat recommends that all users of OpenShift Container Storage apply this update to fix these issues.