—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
=====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Important: OpenShift Container Platform 3.11.634 security update
\nAdvisory ID: RHSA-2022:0555-01
\nProduct: Red Hat OpenShift Enterprise
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0555
\nIssue date: 2022-02-24
\nCVE Names: CVE-2022-20612 CVE-2022-20617
\n=====================================================================<\/p>\n
1. Summary:<\/p>\n
Red Hat OpenShift Container Platform release 3.11.634 is now available with
\nupdates to packages and images that fix several bugs and add enhancements.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Important. A Common Vulnerability Scoring System (CVSS) base score,
\nwhich gives a detailed severity rating, is available for each vulnerability
\nfrom the CVE link(s) in the References section.<\/p>\n
2. Relevant releases\/architectures:<\/p>\n
Red Hat OpenShift Container Platform 3.11 – noarch, ppc64le, x86_64<\/p>\n
3. Description:<\/p>\n
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
\nKubernetes application platform solution designed for on-premise or private
\ncloud deployments.<\/p>\n
Security Fix(es):<\/p>\n
* jenkins-2-plugins\/docker-commons: does not sanitize the name of an image
\nor a tag which could result in an OS command execution (CVE-2022-20617)
\n* jenkins: no POST request is required for the endpoint handling manual
\nbuild requests which could result in CSRF (CVE-2022-20612)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n
4. Solution:<\/p>\n
Before applying this update, ensure all previously released errata relevant
\nto your system is applied.<\/p>\n
For OpenShift Container Platform 3.11 see the following documentation,
\nwhich will be updated shortly for this release, for important instructions
\non how to upgrade your cluster and fully apply this asynchronous errata
\nupdate:<\/p>\n
https:\/\/docs.openshift.com\/container-platform\/3.11\/release_notes\/ocp_3_11_release_notes.html<\/p>\n
Details on how to access this content are available at
\nhttps:\/\/docs.openshift.com\/container-platform\/3.11\/upgrading\/index.html<\/p>\n
5. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
1636993 – Need to update openshift-ansible for ose-efs-provisioner
\n2041983 – 3.11 Travis Builds are failing with dependency issues
\n2044460 – CVE-2022-20612 jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF
\n2044502 – CVE-2022-20617 jenkins-2-plugins\/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution<\/p>\n
6. Package List:<\/p>\n
Red Hat OpenShift Container Platform 3.11:<\/p>\n
Source:
\natomic-enterprise-service-catalog-3.11.634-1.g2e6be86.el7.src.rpm
\natomic-openshift-3.11.634-1.git.0.9b5be6d.el7.src.rpm
\natomic-openshift-cluster-autoscaler-3.11.634-1.g99b2acf.el7.src.rpm
\natomic-openshift-descheduler-3.11.634-1.gd435537.el7.src.rpm
\natomic-openshift-dockerregistry-3.11.634-1.g3571208.el7.src.rpm
\natomic-openshift-metrics-server-3.11.634-1.gf8bf728.el7.src.rpm
\natomic-openshift-node-problem-detector-3.11.634-1.gc8f26da.el7.src.rpm
\natomic-openshift-service-idler-3.11.634-1.g39cfc66.el7.src.rpm
\natomic-openshift-web-console-3.11.634-1.g737ee87.el7.src.rpm
\ngolang-github-openshift-oauth-proxy-3.11.634-1.gedebe84.el7.src.rpm
\ngolang-github-prometheus-alertmanager-3.11.634-1.g13de638.el7.src.rpm
\ngolang-github-prometheus-node_exporter-3.11.634-1.g609cd20.el7.src.rpm
\ngolang-github-prometheus-prometheus-3.11.634-1.g99aae51.el7.src.rpm
\njenkins-2-plugins-3.11.1644412543-1.el7.src.rpm
\njenkins-2.319.2.1644411558-1.el7.src.rpm
\nopenshift-ansible-3.11.634-1.git.0.86bbe6f.el7.src.rpm
\nopenshift-enterprise-autoheal-3.11.634-1.gf2f435d.el7.src.rpm
\nopenshift-enterprise-cluster-capacity-3.11.634-1.g22be164.el7.src.rpm
\nopenshift-kuryr-3.11.634-1.g0c4bf66.el7.src.rpm<\/p>\n
noarch:
\natomic-openshift-docker-excluder-3.11.634-1.git.0.9b5be6d.el7.noarch.rpm
\natomic-openshift-excluder-3.11.634-1.git.0.9b5be6d.el7.noarch.rpm
\njenkins-2-plugins-3.11.1644412543-1.el7.noarch.rpm
\njenkins-2.319.2.1644411558-1.el7.noarch.rpm
\nopenshift-ansible-3.11.634-1.git.0.86bbe6f.el7.noarch.rpm
\nopenshift-ansible-docs-3.11.634-1.git.0.86bbe6f.el7.noarch.rpm
\nopenshift-ansible-playbooks-3.11.634-1.git.0.86bbe6f.el7.noarch.rpm
\nopenshift-ansible-roles-3.11.634-1.git.0.86bbe6f.el7.noarch.rpm
\nopenshift-ansible-test-3.11.634-1.git.0.86bbe6f.el7.noarch.rpm
\nopenshift-kuryr-cni-3.11.634-1.g0c4bf66.el7.noarch.rpm
\nopenshift-kuryr-common-3.11.634-1.g0c4bf66.el7.noarch.rpm
\nopenshift-kuryr-controller-3.11.634-1.g0c4bf66.el7.noarch.rpm
\npython2-kuryr-kubernetes-3.11.634-1.g0c4bf66.el7.noarch.rpm<\/p>\n
ppc64le:
\natomic-enterprise-service-catalog-3.11.634-1.g2e6be86.el7.ppc64le.rpm
\natomic-enterprise-service-catalog-svcat-3.11.634-1.g2e6be86.el7.ppc64le.rpm
\natomic-openshift-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-clients-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-cluster-autoscaler-3.11.634-1.g99b2acf.el7.ppc64le.rpm
\natomic-openshift-descheduler-3.11.634-1.gd435537.el7.ppc64le.rpm
\natomic-openshift-hyperkube-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-hypershift-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-master-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-metrics-server-3.11.634-1.gf8bf728.el7.ppc64le.rpm
\natomic-openshift-node-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-node-problem-detector-3.11.634-1.gc8f26da.el7.ppc64le.rpm
\natomic-openshift-pod-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-sdn-ovs-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-service-idler-3.11.634-1.g39cfc66.el7.ppc64le.rpm
\natomic-openshift-template-service-broker-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-tests-3.11.634-1.git.0.9b5be6d.el7.ppc64le.rpm
\natomic-openshift-web-console-3.11.634-1.g737ee87.el7.ppc64le.rpm
\ngolang-github-openshift-oauth-proxy-3.11.634-1.gedebe84.el7.ppc64le.rpm
\nopenshift-enterprise-autoheal-3.11.634-1.gf2f435d.el7.ppc64le.rpm
\nopenshift-enterprise-cluster-capacity-3.11.634-1.g22be164.el7.ppc64le.rpm
\nprometheus-3.11.634-1.g99aae51.el7.ppc64le.rpm
\nprometheus-alertmanager-3.11.634-1.g13de638.el7.ppc64le.rpm
\nprometheus-node-exporter-3.11.634-1.g609cd20.el7.ppc64le.rpm<\/p>\n
x86_64:
\natomic-enterprise-service-catalog-3.11.634-1.g2e6be86.el7.x86_64.rpm
\natomic-enterprise-service-catalog-svcat-3.11.634-1.g2e6be86.el7.x86_64.rpm
\natomic-openshift-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-clients-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-clients-redistributable-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-cluster-autoscaler-3.11.634-1.g99b2acf.el7.x86_64.rpm
\natomic-openshift-descheduler-3.11.634-1.gd435537.el7.x86_64.rpm
\natomic-openshift-dockerregistry-3.11.634-1.g3571208.el7.x86_64.rpm
\natomic-openshift-hyperkube-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-hypershift-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-master-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-metrics-server-3.11.634-1.gf8bf728.el7.x86_64.rpm
\natomic-openshift-node-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-node-problem-detector-3.11.634-1.gc8f26da.el7.x86_64.rpm
\natomic-openshift-pod-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-sdn-ovs-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-service-idler-3.11.634-1.g39cfc66.el7.x86_64.rpm
\natomic-openshift-template-service-broker-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-tests-3.11.634-1.git.0.9b5be6d.el7.x86_64.rpm
\natomic-openshift-web-console-3.11.634-1.g737ee87.el7.x86_64.rpm
\ngolang-github-openshift-oauth-proxy-3.11.634-1.gedebe84.el7.x86_64.rpm
\nopenshift-enterprise-autoheal-3.11.634-1.gf2f435d.el7.x86_64.rpm
\nopenshift-enterprise-cluster-capacity-3.11.634-1.g22be164.el7.x86_64.rpm
\nprometheus-3.11.634-1.g99aae51.el7.x86_64.rpm
\nprometheus-alertmanager-3.11.634-1.g13de638.el7.x86_64.rpm
\nprometheus-node-exporter-3.11.634-1.g609cd20.el7.x86_64.rpm<\/p>\n
These packages are GPG signed by Red Hat for security. Our key and
\ndetails on how to verify the signature are available from
\nhttps:\/\/access.redhat.com\/security\/team\/key\/<\/p>\n
7. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2022-20612
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-20617
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#important<\/p>\n
8. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBYheuv9zjgjWX9erEAQhKeA\/+JNhDIv7MwpTfWJ0xKLsB2JIw3o4no4Ze
\nf2hlC1Nb9P\/zCAsgWcYpZlebpM7xmK3+l8OE1fSeBf3hHRrnYSCSa+xDRLwsz9Ws
\nf3+SMxUa38F+bKKRcgvGtommN2C5SafuGBiSJLJLreNdnoJmCPFtsJ5qmTI1gXvN
\n9SNd+5pdUW\/LDWXtoMISofK2YiLbbfB2U9fk1hWNmJfPDVIYp7oDnaUc+BAFx8ck
\nKEw21CDbJ258MQlsGd9DOQRu5p6d4iAg98G7rRCnec3b5evyRtCWmVgRtcQgMiF6
\n2Q0IhrPcb7QzuvH+N9PosBxOnYr77p4WmlBp52KgmuiUHF3ikAOYjTXfXfTqc2jm
\n9iaT9OZqajhI1ktK2mGQywEp7C+GVJeOeZComK\/Q2IdBKCj6XvxGY1WvlFtEfvc5
\n0qLy9K0mZap0S9vWIzLqT6ZFW7HjTXzXSrflX6zl+ztObJSpc\/PbI0L3Ij168oF6
\npzs3q96rz89PmD+Jy9cU7S1bdP7r9E7H1grmI7zagdOMTtmebgsUVFaN1KLXD61c
\nfqWEqNxOXo1I9yVWySFxwt2485luZPP62ByQJVjMW30TU3CFlgApdUXzb4\/ZymM9
\nW9N6IQXQNvLINDv7S39Qa73Y2HoUvpmHJdbG3fujJMKHP4B+ImrzBO2x0ecxSQnj
\nSX1Ue8Faudw=
\n=Fsgu
\n—–END PGP SIGNATURE—–<\/p>\n
—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 3.11.634 security update Advisory ID: RHSA-2022:0555-01 Product: Red Hat OpenShift Enterprise Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:0555 Issue date: 2022-02-24 CVE Names: CVE-2022-20612 CVE-2022-20617 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 3.11.634 is now available with updates to packages and …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-21063","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=21063"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/21063\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=21063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=21063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=21063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}