Red Hat 9062 Published by

An OpenShift Container Platform 4.7.0 extras and security update has been released.



RHSA-2020:5635-01: Moderate: OpenShift Container Platform 4.7.0 extras and security update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update
Advisory ID: RHSA-2020:5635-01
Product: Red Hat OpenShift Enterprise
Advisory URL:   https://access.redhat.com/errata/RHSA-2020:5635
Issue date: 2021-02-24
CVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018
CVE-2019-8625 CVE-2019-8710 CVE-2019-8720
CVE-2019-8743 CVE-2019-8764 CVE-2019-8766
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8823 CVE-2019-8835
CVE-2019-8844 CVE-2019-8846 CVE-2019-13050
CVE-2019-13225 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15903 CVE-2019-16168
CVE-2019-16935 CVE-2019-17450 CVE-2019-17546
CVE-2019-19221 CVE-2019-19906 CVE-2019-19956
CVE-2019-20218 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20807 CVE-2019-20907
CVE-2019-20916 CVE-2020-1730 CVE-2020-1751
CVE-2020-1752 CVE-2020-1971 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3898
CVE-2020-3899 CVE-2020-3900 CVE-2020-3901
CVE-2020-3902 CVE-2020-6405 CVE-2020-7595
CVE-2020-8492 CVE-2020-8566 CVE-2020-8619
CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
CVE-2020-9327 CVE-2020-9802 CVE-2020-9803
CVE-2020-9805 CVE-2020-9806 CVE-2020-9807
CVE-2020-9843 CVE-2020-9850 CVE-2020-9862
CVE-2020-9893 CVE-2020-9894 CVE-2020-9895
CVE-2020-9915 CVE-2020-9925 CVE-2020-10018
CVE-2020-10029 CVE-2020-11793 CVE-2020-13630
CVE-2020-13631 CVE-2020-13632 CVE-2020-14040
CVE-2020-14382 CVE-2020-14391 CVE-2020-14422
CVE-2020-15157 CVE-2020-15503 CVE-2020-15999
CVE-2020-24659 CVE-2020-24750 CVE-2020-25211
CVE-2020-25658 CVE-2021-3121
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.7.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release also includes a security update for Red Hat OpenShift
Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

* jackson-databind: Serialization gadgets in
com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)

* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 4.7.0. See the following advisory for the container images for
this release:

  https://access.redhat.com/errata/RHEA-2020:5633

All OpenShift Container Platform users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
  https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -between-minor.html#understanding-upgrade-channels_updating-cluster-between
- -minor.

3. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

  https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel
ease-notes.html

Details on how to access this content are available at
  https://docs.openshift.com/container-platform/4.7/updating/updating-cluster
- -cli.html.

4. Bugs fixed (  https://bugzilla.redhat.com/):

1823765 - nfd-workers crash under an ipv6 environment
1838802 - mysql8 connector from operatorhub does not work with metering operator
1838845 - Metering operator can't connect to postgres DB from Operator Hub
1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1868294 - NFD operator does not allow customisation of nfd-worker.conf
1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
1890672 - NFD is missing a build flag to build correctly
1890741 - path to the CA trust bundle ConfigMap is broken in report operator
1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster
1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel
1900125 - FIPS error while generating RSA private key for CA
1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub
1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub
1913837 - The CI and ART 4.7 metering images are not mirrored
1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le
1916010 - olm skip range is set to the wrong range
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923998 - NFD Operator is failing to update and remains in Replacing state

5. References:

  https://access.redhat.com/security/cve/CVE-2018-20843
  https://access.redhat.com/security/cve/CVE-2019-3884
  https://access.redhat.com/security/cve/CVE-2019-5018
  https://access.redhat.com/security/cve/CVE-2019-8625
  https://access.redhat.com/security/cve/CVE-2019-8710
  https://access.redhat.com/security/cve/CVE-2019-8720
  https://access.redhat.com/security/cve/CVE-2019-8743
  https://access.redhat.com/security/cve/CVE-2019-8764
  https://access.redhat.com/security/cve/CVE-2019-8766
  https://access.redhat.com/security/cve/CVE-2019-8769
  https://access.redhat.com/security/cve/CVE-2019-8771
  https://access.redhat.com/security/cve/CVE-2019-8782
  https://access.redhat.com/security/cve/CVE-2019-8783
  https://access.redhat.com/security/cve/CVE-2019-8808
  https://access.redhat.com/security/cve/CVE-2019-8811
  https://access.redhat.com/security/cve/CVE-2019-8812
  https://access.redhat.com/security/cve/CVE-2019-8813
  https://access.redhat.com/security/cve/CVE-2019-8814
  https://access.redhat.com/security/cve/CVE-2019-8815
  https://access.redhat.com/security/cve/CVE-2019-8816
  https://access.redhat.com/security/cve/CVE-2019-8819
  https://access.redhat.com/security/cve/CVE-2019-8820
  https://access.redhat.com/security/cve/CVE-2019-8823
  https://access.redhat.com/security/cve/CVE-2019-8835
  https://access.redhat.com/security/cve/CVE-2019-8844
  https://access.redhat.com/security/cve/CVE-2019-8846
  https://access.redhat.com/security/cve/CVE-2019-13050
  https://access.redhat.com/security/cve/CVE-2019-13225
  https://access.redhat.com/security/cve/CVE-2019-13627
  https://access.redhat.com/security/cve/CVE-2019-14889
  https://access.redhat.com/security/cve/CVE-2019-15165
  https://access.redhat.com/security/cve/CVE-2019-15903
  https://access.redhat.com/security/cve/CVE-2019-16168
  https://access.redhat.com/security/cve/CVE-2019-16935
  https://access.redhat.com/security/cve/CVE-2019-17450
  https://access.redhat.com/security/cve/CVE-2019-17546
  https://access.redhat.com/security/cve/CVE-2019-19221
  https://access.redhat.com/security/cve/CVE-2019-19906
  https://access.redhat.com/security/cve/CVE-2019-19956
  https://access.redhat.com/security/cve/CVE-2019-20218
  https://access.redhat.com/security/cve/CVE-2019-20387
  https://access.redhat.com/security/cve/CVE-2019-20388
  https://access.redhat.com/security/cve/CVE-2019-20454
  https://access.redhat.com/security/cve/CVE-2019-20807
  https://access.redhat.com/security/cve/CVE-2019-20907
  https://access.redhat.com/security/cve/CVE-2019-20916
  https://access.redhat.com/security/cve/CVE-2020-1730
  https://access.redhat.com/security/cve/CVE-2020-1751
  https://access.redhat.com/security/cve/CVE-2020-1752
  https://access.redhat.com/security/cve/CVE-2020-1971
  https://access.redhat.com/security/cve/CVE-2020-3862
  https://access.redhat.com/security/cve/CVE-2020-3864
  https://access.redhat.com/security/cve/CVE-2020-3865
  https://access.redhat.com/security/cve/CVE-2020-3867
  https://access.redhat.com/security/cve/CVE-2020-3868
  https://access.redhat.com/security/cve/CVE-2020-3885
  https://access.redhat.com/security/cve/CVE-2020-3894
  https://access.redhat.com/security/cve/CVE-2020-3895
  https://access.redhat.com/security/cve/CVE-2020-3897
  https://access.redhat.com/security/cve/CVE-2020-3898
  https://access.redhat.com/security/cve/CVE-2020-3899
  https://access.redhat.com/security/cve/CVE-2020-3900
  https://access.redhat.com/security/cve/CVE-2020-3901
  https://access.redhat.com/security/cve/CVE-2020-3902
  https://access.redhat.com/security/cve/CVE-2020-6405
  https://access.redhat.com/security/cve/CVE-2020-7595
  https://access.redhat.com/security/cve/CVE-2020-8492
  https://access.redhat.com/security/cve/CVE-2020-8566
  https://access.redhat.com/security/cve/CVE-2020-8619
  https://access.redhat.com/security/cve/CVE-2020-8622
  https://access.redhat.com/security/cve/CVE-2020-8623
  https://access.redhat.com/security/cve/CVE-2020-8624
  https://access.redhat.com/security/cve/CVE-2020-9327
  https://access.redhat.com/security/cve/CVE-2020-9802
  https://access.redhat.com/security/cve/CVE-2020-9803
  https://access.redhat.com/security/cve/CVE-2020-9805
  https://access.redhat.com/security/cve/CVE-2020-9806
  https://access.redhat.com/security/cve/CVE-2020-9807
  https://access.redhat.com/security/cve/CVE-2020-9843
  https://access.redhat.com/security/cve/CVE-2020-9850
  https://access.redhat.com/security/cve/CVE-2020-9862
  https://access.redhat.com/security/cve/CVE-2020-9893
  https://access.redhat.com/security/cve/CVE-2020-9894
  https://access.redhat.com/security/cve/CVE-2020-9895
  https://access.redhat.com/security/cve/CVE-2020-9915
  https://access.redhat.com/security/cve/CVE-2020-9925
  https://access.redhat.com/security/cve/CVE-2020-10018
  https://access.redhat.com/security/cve/CVE-2020-10029
  https://access.redhat.com/security/cve/CVE-2020-11793
  https://access.redhat.com/security/cve/CVE-2020-13630
  https://access.redhat.com/security/cve/CVE-2020-13631
  https://access.redhat.com/security/cve/CVE-2020-13632
  https://access.redhat.com/security/cve/CVE-2020-14040
  https://access.redhat.com/security/cve/CVE-2020-14382
  https://access.redhat.com/security/cve/CVE-2020-14391
  https://access.redhat.com/security/cve/CVE-2020-14422
  https://access.redhat.com/security/cve/CVE-2020-15157
  https://access.redhat.com/security/cve/CVE-2020-15503
  https://access.redhat.com/security/cve/CVE-2020-15999
  https://access.redhat.com/security/cve/CVE-2020-24659
  https://access.redhat.com/security/cve/CVE-2020-24750
  https://access.redhat.com/security/cve/CVE-2020-25211
  https://access.redhat.com/security/cve/CVE-2020-25658
  https://access.redhat.com/security/cve/CVE-2021-3121
  https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.