—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
=====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Moderate: OpenShift sandboxed containers 1.4.1 security update
\nAdvisory ID: RHSA-2023:4290-01
\nProduct: Red Hat OpenShift Enterprise
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2023:4290
\nIssue date: 2023-07-27
\nCVE Names: CVE-2020-24736 CVE-2021-46848 CVE-2022-1271
\nCVE-2022-1304 CVE-2022-2509 CVE-2022-3715
\nCVE-2022-28805 CVE-2022-34903 CVE-2022-35737
\nCVE-2022-36227 CVE-2022-40303 CVE-2022-40304
\nCVE-2022-47629 CVE-2023-0464 CVE-2023-0465
\nCVE-2023-0466 CVE-2023-1255 CVE-2023-1667
\nCVE-2023-2283 CVE-2023-2650 CVE-2023-3089
\nCVE-2023-24329 CVE-2023-26604
\n=====================================================================<\/p>\n
1. Summary:<\/p>\n
OpenShift sandboxed containers 1.4.1 is now available.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
\ngives a detailed severity rating, is available for each vulnerability from
\nthe CVE link(s) in the References section.<\/p>\n
2. Description:<\/p>\n
OpenShift sandboxed containers support for OpenShift Container Platform
\nprovides users with built-in support for running Kata containers as an
\nadditional, optional runtime.<\/p>\n
This advisory contains a security update for OpenShift sandboxed
\ncontainers, as well as bug fixes.<\/p>\n
Security fix:<\/p>\n
* A compliance problem was found in the Red Hat OpenShift Container
\nPlatform. Red Hat discovered that when FIPS mode was enabled, not all of
\nthe cryptographic modules in use were FIPS-validated. (CVE-2023-3089)<\/p>\n
For more information about the additional fixes in this release, see the
\nRelease Notes documentation:<\/p>\n
https:\/\/access.redhat.com\/documentation\/en-us\/openshift_sandboxed_containers\/1.4\/html-single\/openshift_sandboxed_containers_release_notes\/<\/p>\n
3. Solution:<\/p>\n
Before applying this update, make sure all previously released errata
\nrelevant to your system have been applied.<\/p>\n
For details on how to apply this update, refer to:<\/p>\n
https:\/\/access.redhat.com\/articles\/11258<\/p>\n
4. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
2212085 – CVE-2023-3089 openshift: OCP & FIPS mode<\/p>\n
5. JIRA issues fixed (https:\/\/issues.redhat.com\/):<\/p>\n
KATA-2121 – taints\/tolerations from kata-monitor daemonset removed by reconciliation
\nKATA-2212 – operator, must-gather, and cloud-api-adapter dockerfiles use ubi8 base images
\nKATA-2299 – 1.4.1 build showing 1.4.0 version
\nOCPBUGS-15175 – [Major Incident] CVE-2023-3089 osc-operator-container: openshift: OCP & FIPS mode [rhosc-1-4]\n
6. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2020-24736
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-46848
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1271
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-1304
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-2509
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-3715
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-28805
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-34903
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-35737
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-36227
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-40303
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-40304
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-47629
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-0464
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-0465
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-0466
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-1255
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-1667
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-2283
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-2650
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-3089
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-24329
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2023-26604
\nhttps:\/\/access.redhat.com\/security\/vulnerabilities\/RHSB-2023-001
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#moderate
\nhttps:\/\/access.redhat.com\/documentation\/en-us\/openshift_sandboxed_containers\/1.4\/html-single\/openshift_sandboxed_containers_release_notes\/<\/p>\n
7. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2023 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIcBAEBCAAGBQJkwdRWAAoJENzjgjWX9erEf1cP\/1R3va9sDeVZofBGgIFDCJL8
\nbIVdeaBrW+4rf+ddy\/l2oYHv5Ei4mBAIpICwMtCP1VBt5prx8GzXhQLuwGQKDD3+
\nKfmPBIJefIcEMwUyuC8vmtlx3+5bj5Ac\/sdDcBwOLhfkxcyP4Ec+bpiKohz6Mjtn
\n8CsJoYhDnk7w\/SvZYGukCHmghsbAJLVqBOduKSLJkL4kIKIOmd0pNBlo4Ph7aLY5
\nYbaT+exB+RstYFkLG63ilfHiExpwAp0zc3H55IQ60to+9IgLwsZ9yyM9lOLiECie
\nUTejf1zzISfVfCqVlL6jJc6596QQKkKni4DWsy4CjvS6jV3ukDyelM2ecfZVshma
\ngugKuUbhDwZMjbrLgNYGnpQpZYUpBoJbK5JUYvQ\/fpNjdxYOFkPQindvy1GSKCvj
\n5m0pftOPWQwil4h4d+l3AxyT1fo5evic+\/i8EPSZNQbYeV43XrLr0VxZP4uq+Pqw
\nT2bQYOBCISu\/nwKuUNkBmcLRbpmpdwu+3Y9du0ftqyXr1GPI7C6lcW4HUKDZM\/ct
\nZ914wsfftCBGWubYIxa+FGDV7k9qkDWVhFtacilNABkwWUJM1p4PSCQmm\/\/Ayymc
\n8Jz2Fasgw9+e2hnQeBoVRHRqyQiWfqq59MKXIkNvCW06FEqoIDWJD7+gMEGwXFqh
\nqwcw4WUp7UKqlYVP5U4T
\n=3TcZ
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift sandboxed containers 1.4.1 security update Advisory ID: RHSA-2023:4290-01 Product: Red Hat OpenShift Enterprise Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2023:4290 Issue date: 2023-07-27 CVE Names: CVE-2020-24736 CVE-2021-46848 CVE-2022-1271 CVE-2022-1304 CVE-2022-2509 CVE-2022-3715 CVE-2022-28805 CVE-2022-34903 CVE-2022-35737 CVE-2022-36227 CVE-2022-40303 CVE-2022-40304 CVE-2022-47629 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-1255 CVE-2023-1667 CVE-2023-2283 CVE-2023-2650 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45686","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45686"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45686\/revisions"}],"predecessor-version":[{"id":45964,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45686\/revisions\/45964"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}