(RHSA-2022:5068) Moderate: OpenShift Container Platform 4.11.0 packages and security update

2022-08-1009:13:55

access.redhat.com

0.005 Low

EPSS

Percentile

76.0%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-jsonschema< 3.2.0-6.el8python3-jsonschema-3.2.0-6.el8.noarch.rpm
RedHat8s390xovn22.06< 22.06.0-27.el8fdpovn22.06-22.06.0-27.el8fdp.s390x.rpm
RedHat8aarch64python3-pynacl< 1.3.0-6.el8python3-pynacl-1.3.0-6.el8.aarch64.rpm
RedHat8s390xskopeo< 1.5.2-3.rhaos4.11.el8skopeo-1.5.2-3.rhaos4.11.el8.s390x.rpm
RedHat8noarchpython3-oslo-serialization-tests< 4.3.0-0.20220509195921.6910f75.el8python3-oslo-serialization-tests-4.3.0-0.20220509195921.6910f75.el8.noarch.rpm
RedHat8s390xpodman-debuginfo< 4.0.2-6.rhaos4.11.el8podman-debuginfo-4.0.2-6.rhaos4.11.el8.s390x.rpm
RedHat8x86_64cri-tools< 1.24.2-4.1.el8cri-tools-1.24.2-4.1.el8.x86_64.rpm
RedHat8aarch64criu-libs< 3.15-4.rhaos4.11.el8criu-libs-3.15-4.rhaos4.11.el8.aarch64.rpm
RedHat8x86_64coreos-installer-debugsource< 0.15.0-2.rhaos4.11.el8coreos-installer-debugsource-0.15.0-2.rhaos4.11.el8.x86_64.rpm
RedHat8aarch64python3-criu< 3.15-4.rhaos4.11.el8python3-criu-3.15-4.rhaos4.11.el8.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	python3-jsonschema	< 3.2.0-6.el8	python3-jsonschema-3.2.0-6.el8.noarch.rpm
RedHat	8	s390x	ovn22.06	< 22.06.0-27.el8fdp	ovn22.06-22.06.0-27.el8fdp.s390x.rpm
RedHat	8	aarch64	python3-pynacl	< 1.3.0-6.el8	python3-pynacl-1.3.0-6.el8.aarch64.rpm
RedHat	8	s390x	skopeo	< 1.5.2-3.rhaos4.11.el8	skopeo-1.5.2-3.rhaos4.11.el8.s390x.rpm
RedHat	8	noarch	python3-oslo-serialization-tests	< 4.3.0-0.20220509195921.6910f75.el8	python3-oslo-serialization-tests-4.3.0-0.20220509195921.6910f75.el8.noarch.rpm
RedHat	8	s390x	podman-debuginfo	< 4.0.2-6.rhaos4.11.el8	podman-debuginfo-4.0.2-6.rhaos4.11.el8.s390x.rpm
RedHat	8	x86_64	cri-tools	< 1.24.2-4.1.el8	cri-tools-1.24.2-4.1.el8.x86_64.rpm
RedHat	8	aarch64	criu-libs	< 3.15-4.rhaos4.11.el8	criu-libs-3.15-4.rhaos4.11.el8.aarch64.rpm
RedHat	8	x86_64	coreos-installer-debugsource	< 0.15.0-2.rhaos4.11.el8	coreos-installer-debugsource-0.15.0-2.rhaos4.11.el8.x86_64.rpm
RedHat	8	aarch64	python3-criu	< 3.15-4.rhaos4.11.el8	python3-criu-3.15-4.rhaos4.11.el8.aarch64.rpm