RHSA-2022:7398

Description

Red Hat Security Advisory: OpenShift Container Platform 4.12.0 packages and security update

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• redhat•afterburn

  < 0:5.3.0-1.rhaos4.12.el8 | < 0:5.3.0-1.rhaos4.12.el9

• redhat•afterburn-debuginfo

  < 0:5.3.0-1.rhaos4.12.el8 | < 0:5.3.0-1.rhaos4.12.el9

• redhat•afterburn-dracut

  < 0:5.3.0-1.rhaos4.12.el9

• redhat•ansible-runner

  < 0:1.4.6-2.el8ar

• redhat•ansible-runner-http

  < 0:1.0.0-2.el8ar

• redhat•atomic-openshift-service-idler

  < 0:4.12.0-202210141624.p0.ga0f9090.assembly.stream.el8

• redhat•bootupd

  < 0:0.2.5-3.rhaos4.12.el8

• redhat•bootupd-debuginfo

  < 0:0.2.5-3.rhaos4.12.el8

• redhat•buildah

  < 1:1.23.4-2.el8 | < 1:1.23.4-3.rhaos4.12.el9

• redhat•buildah-debuginfo

  < 1:1.23.4-2.el8 | < 1:1.23.4-3.rhaos4.12.el9

• redhat•buildah-debugsource

  < 1:1.23.4-2.el8 | < 1:1.23.4-3.rhaos4.12.el9

• redhat•buildah-tests

  < 1:1.23.4-2.el8 | < 1:1.23.4-3.rhaos4.12.el9

• redhat•buildah-tests-debuginfo

  < 1:1.23.4-2.el8 | < 1:1.23.4-3.rhaos4.12.el9

• redhat•butane

  < 0:0.16.0-2.rhaos4.12.el8

• redhat•butane-debuginfo

  < 0:0.16.0-2.rhaos4.12.el8

• redhat•butane-debugsource

  < 0:0.16.0-2.rhaos4.12.el8

• redhat•butane-redistributable

  < 0:0.16.0-2.rhaos4.12.el8

• redhat•conmon

  < 2:2.1.2-2.rhaos4.11.el8 | < 2:2.1.2-3.rhaos4.12.el9

• redhat•conmon-debuginfo

  < 2:2.1.2-2.rhaos4.11.el8 | < 2:2.1.2-3.rhaos4.12.el9

• redhat•conmon-debugsource

  < 2:2.1.2-2.rhaos4.11.el8 | < 2:2.1.2-3.rhaos4.12.el9

• redhat•conmon-rs

  < 0:0.4.0-2.rhaos4.12.git.el8 | < 0:0.4.0-2.rhaos4.12.git.el9

• redhat•console-login-helper-messages

  < 0:0.20.4-1.rhaos4.12.el8

• redhat•console-login-helper-messages-issuegen

  < 0:0.20.4-1.rhaos4.12.el8

• redhat•console-login-helper-messages-profile

  < 0:0.20.4-1.rhaos4.12.el8

• redhat•container-selinux

  < 2:2.188.0-1.rhaos4.12.el8

• redhat•containernetworking-plugins

  < 0:1.0.1-5.rhaos4.11.el8

• redhat•containernetworking-plugins-debuginfo

  < 0:1.0.1-5.rhaos4.11.el8

• redhat•containernetworking-plugins-debugsource

  < 0:1.0.1-5.rhaos4.11.el8

• redhat•containers-common

  < 2:1-27.rhaos4.12.el8

• redhat•coreos-installer

  < 0:0.16.1-1.rhaos4.12.el8 | < 0:0.16.1-1.rhaos4.12.el9

• redhat•coreos-installer-bootinfra

  < 0:0.16.1-1.rhaos4.12.el8 | < 0:0.16.1-1.rhaos4.12.el9

• redhat•coreos-installer-bootinfra-debuginfo

  < 0:0.16.1-1.rhaos4.12.el8 | < 0:0.16.1-1.rhaos4.12.el9

• redhat•coreos-installer-debuginfo

  < 0:0.16.1-1.rhaos4.12.el8 | < 0:0.16.1-1.rhaos4.12.el9

• redhat•coreos-installer-debugsource

  < 0:0.16.1-1.rhaos4.12.el8 | < 0:0.16.1-1.rhaos4.12.el9

• redhat•coreos-installer-dracut

  < 0:0.16.1-1.rhaos4.12.el9

• redhat•cri-o

  < 0:1.25.1-5.rhaos4.12.git6005903.el8 | < 0:1.25.1-5.rhaos4.12.git6005903.el9

• redhat•cri-o-debuginfo

  < 0:1.25.1-5.rhaos4.12.git6005903.el8 | < 0:1.25.1-5.rhaos4.12.git6005903.el9

• redhat•cri-o-debugsource

  < 0:1.25.1-5.rhaos4.12.git6005903.el8 | < 0:1.25.1-5.rhaos4.12.git6005903.el9

• redhat•cri-tools

  < 0:1.25.0-2.el8 | < 0:1.25.0-2.el9

• redhat•cri-tools-debuginfo

  < 0:1.25.0-2.el8 | < 0:1.25.0-2.el9

• redhat•cri-tools-debugsource

  < 0:1.25.0-2.el8 | < 0:1.25.0-2.el9

• redhat•crit

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu-debuginfo

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu-debugsource

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu-devel

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu-libs

  < 0:3.15-4.rhaos4.11.el8

• redhat•criu-libs-debuginfo

  < 0:3.15-4.rhaos4.11.el8

• redhat•crudini

  < 0:0.9-11.el8ost.1 | < 0:0.9.3-4.el9

• redhat•crun

  < 0:1.4.2-1.rhaos4.11.el8 | < 0:1.4.2-2.rhaos4.12.el9

Showing first 50 affected entries in server-rendered view.

References (88)

• https://access.redhat.com/errata/RHSA-2022:7398
• https://access.redhat.com/security/updates/classification/#moderate
• https://bugzilla.redhat.com/show_bug.cgi?id=2103220
• https://bugzilla.redhat.com/show_bug.cgi?id=2107342
• https://bugzilla.redhat.com/show_bug.cgi?id=2107383
• https://bugzilla.redhat.com/show_bug.cgi?id=2113814
• https://bugzilla.redhat.com/show_bug.cgi?id=2121632
• https://bugzilla.redhat.com/show_bug.cgi?id=2124669
• https://bugzilla.redhat.com/show_bug.cgi?id=2127804
• https://bugzilla.redhat.com/show_bug.cgi?id=2132868
• https://bugzilla.redhat.com/show_bug.cgi?id=2132872
• https://bugzilla.redhat.com/show_bug.cgi?id=2134063
• https://bugzilla.redhat.com/show_bug.cgi?id=2136673
• https://bugzilla.redhat.com/show_bug.cgi?id=2156727
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2022_7398.json
• https://access.redhat.com/security/cve/CVE-2021-4235
• https://www.cve.org/CVERecord?id=CVE-2021-4235
• https://nvd.nist.gov/vuln/detail/CVE-2021-4235
• https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
• https://github.com/go-yaml/yaml/pull/375
• https://pkg.go.dev/vuln/GO-2021-0061
• https://access.redhat.com/security/cve/CVE-2022-1705
• https://bugzilla.redhat.com/show_bug.cgi?id=2107374
• https://www.cve.org/CVERecord?id=CVE-2022-1705
• https://nvd.nist.gov/vuln/detail/CVE-2022-1705
• https://go.dev/issue/53188
• https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
• https://access.redhat.com/security/cve/CVE-2022-2879
• https://bugzilla.redhat.com/show_bug.cgi?id=2132867
• https://www.cve.org/CVERecord?id=CVE-2022-2879
• https://nvd.nist.gov/vuln/detail/CVE-2022-2879
• https://github.com/golang/go/issues/54853
• https://github.com/vbatts/tar-split/releases/tag/v0.12.1
• https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1
• https://access.redhat.com/security/cve/CVE-2022-2880
• https://www.cve.org/CVERecord?id=CVE-2022-2880
• https://nvd.nist.gov/vuln/detail/CVE-2022-2880
• https://github.com/golang/go/issues/54663
• https://access.redhat.com/security/cve/CVE-2022-2995
• https://www.cve.org/CVERecord?id=CVE-2022-2995
• https://nvd.nist.gov/vuln/detail/CVE-2022-2995
• https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
• https://access.redhat.com/security/cve/CVE-2022-2996
• https://bugzilla.redhat.com/show_bug.cgi?id=2115122
• https://www.cve.org/CVERecord?id=CVE-2022-2996
• https://nvd.nist.gov/vuln/detail/CVE-2022-2996
• https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c
• https://access.redhat.com/security/cve/CVE-2022-3162
• https://www.cve.org/CVERecord?id=CVE-2022-3162
• https://nvd.nist.gov/vuln/detail/CVE-2022-3162
• https://github.com/kubernetes/kubernetes/issues/113756
• https://access.redhat.com/security/cve/CVE-2022-3172
• https://www.cve.org/CVERecord?id=CVE-2022-3172
• https://nvd.nist.gov/vuln/detail/CVE-2022-3172
• https://github.com/kubernetes/kubernetes/issues/112513
• https://access.redhat.com/security/cve/CVE-2022-3259
• https://www.cve.org/CVERecord?id=CVE-2022-3259
• https://nvd.nist.gov/vuln/detail/CVE-2022-3259
• https://access.redhat.com/security/cve/CVE-2022-3466
• https://www.cve.org/CVERecord?id=CVE-2022-3466
• https://nvd.nist.gov/vuln/detail/CVE-2022-3466
• https://access.redhat.com/security/cve/CVE-2022-27664
• https://www.cve.org/CVERecord?id=CVE-2022-27664
• https://nvd.nist.gov/vuln/detail/CVE-2022-27664
• https://go.dev/issue/54658
• https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ
• https://access.redhat.com/security/cve/CVE-2022-30631
• https://www.cve.org/CVERecord?id=CVE-2022-30631
• https://nvd.nist.gov/vuln/detail/CVE-2022-30631
• https://go.dev/issue/53168
• https://access.redhat.com/security/cve/CVE-2022-32148
• https://www.cve.org/CVERecord?id=CVE-2022-32148
• https://nvd.nist.gov/vuln/detail/CVE-2022-32148
• https://go.dev/issue/53423
• https://access.redhat.com/security/cve/CVE-2022-32189
• https://www.cve.org/CVERecord?id=CVE-2022-32189
• https://nvd.nist.gov/vuln/detail/CVE-2022-32189
• https://go.dev/issue/53871
• https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU
• https://access.redhat.com/security/cve/CVE-2022-32190
• https://bugzilla.redhat.com/show_bug.cgi?id=2124668
• https://www.cve.org/CVERecord?id=CVE-2022-32190
• https://nvd.nist.gov/vuln/detail/CVE-2022-32190
• https://go.dev/issue/54385
• https://access.redhat.com/security/cve/CVE-2022-41715
• https://www.cve.org/CVERecord?id=CVE-2022-41715
• https://nvd.nist.gov/vuln/detail/CVE-2022-41715
• https://github.com/golang/go/issues/55949