
An OpenShift Container Platform 4.7 low-latency extras security and bug fix update has been released.



RHSA-2020:5364-01: Moderate: OpenShift Container Platform 4.7 low-latency extras security and bug fix update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7 low-latency extras security and bug fix update
Advisory ID: RHSA-2020:5364-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5364
Issue date: 2021-02-24
CVE Names: CVE-2018-20843 CVE-2019-5018 CVE-2019-13050
CVE-2019-13627 CVE-2019-14889 CVE-2019-15165
CVE-2019-15903 CVE-2019-16168 CVE-2019-16935
CVE-2019-17450 CVE-2019-19221 CVE-2019-19906
CVE-2019-19956 CVE-2019-20218 CVE-2019-20387
CVE-2019-20388 CVE-2019-20454 CVE-2019-20907
CVE-2019-20916 CVE-2020-1730 CVE-2020-1751
CVE-2020-1752 CVE-2020-1971 CVE-2020-6405
CVE-2020-7595 CVE-2020-8492 CVE-2020-9327
CVE-2020-10029 CVE-2020-10722 CVE-2020-10723
CVE-2020-10725 CVE-2020-10726 CVE-2020-13630
CVE-2020-13631 CVE-2020-13632 CVE-2020-14382
CVE-2020-14422 CVE-2020-24659 CVE-2020-25211
CVE-2020-27813
=====================================================================

1. Summary:

An update for cnf-tests-container, dpdk-base-container,
performance-addon-operator-bundle-registry-container,
performance-addon-operator-container, and
performance-addon-operator-must-gather-rhel8-container is now available for
Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the extra low-latency container images for Red Hat
OpenShift Container Platform 4.7. See the following advisory for the
container images for this release:

  https://access.redhat.com/errata/RHSA-2020:5633

Security Fix(es):

* golang-github-gorilla-websocket: integer overflow leads to denial of
service (CVE-2020-27813)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Configuring the system with non-RT kernel will hang the system
(BZ#1923220)

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

  https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service

5. JIRA issues fixed (https://issues.jboss.org/):

CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs
CNF-854 - Performance tests in CNF Tests

6. References:

  https://access.redhat.com/security/cve/CVE-2018-20843
  https://access.redhat.com/security/cve/CVE-2019-5018
  https://access.redhat.com/security/cve/CVE-2019-13050
  https://access.redhat.com/security/cve/CVE-2019-13627
  https://access.redhat.com/security/cve/CVE-2019-14889
  https://access.redhat.com/security/cve/CVE-2019-15165
  https://access.redhat.com/security/cve/CVE-2019-15903
  https://access.redhat.com/security/cve/CVE-2019-16168
  https://access.redhat.com/security/cve/CVE-2019-16935
  https://access.redhat.com/security/cve/CVE-2019-17450
  https://access.redhat.com/security/cve/CVE-2019-19221
  https://access.redhat.com/security/cve/CVE-2019-19906
  https://access.redhat.com/security/cve/CVE-2019-19956
  https://access.redhat.com/security/cve/CVE-2019-20218
  https://access.redhat.com/security/cve/CVE-2019-20387
  https://access.redhat.com/security/cve/CVE-2019-20388
  https://access.redhat.com/security/cve/CVE-2019-20454
  https://access.redhat.com/security/cve/CVE-2019-20907
  https://access.redhat.com/security/cve/CVE-2019-20916
  https://access.redhat.com/security/cve/CVE-2020-1730
  https://access.redhat.com/security/cve/CVE-2020-1751
  https://access.redhat.com/security/cve/CVE-2020-1752
  https://access.redhat.com/security/cve/CVE-2020-1971
  https://access.redhat.com/security/cve/CVE-2020-6405
  https://access.redhat.com/security/cve/CVE-2020-7595
  https://access.redhat.com/security/cve/CVE-2020-8492
  https://access.redhat.com/security/cve/CVE-2020-9327
  https://access.redhat.com/security/cve/CVE-2020-10029
  https://access.redhat.com/security/cve/CVE-2020-10722
  https://access.redhat.com/security/cve/CVE-2020-10723
  https://access.redhat.com/security/cve/CVE-2020-10725
  https://access.redhat.com/security/cve/CVE-2020-10726
  https://access.redhat.com/security/cve/CVE-2020-13630
  https://access.redhat.com/security/cve/CVE-2020-13631
  https://access.redhat.com/security/cve/CVE-2020-13632
  https://access.redhat.com/security/cve/CVE-2020-14382
  https://access.redhat.com/security/cve/CVE-2020-14422
  https://access.redhat.com/security/cve/CVE-2020-24659
  https://access.redhat.com/security/cve/CVE-2020-25211
  https://access.redhat.com/security/cve/CVE-2020-27813
  https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.