Red Hat 9042 Published by

An OpenShift Container Platform 4.6 compliance-operator security and bug fix update has been released.



RHSA-2021:0436-01: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Advisory ID: RHSA-2021:0436-01
Product: Red Hat OpenShift Enterprise
Advisory URL:   https://access.redhat.com/errata/RHSA-2021:0436
Issue date: 2021-02-16
CVE Names: CVE-2018-20843 CVE-2019-1551 CVE-2019-5018
CVE-2019-8625 CVE-2019-8710 CVE-2019-8720
CVE-2019-8743 CVE-2019-8764 CVE-2019-8766
CVE-2019-8769 CVE-2019-8771 CVE-2019-8782
CVE-2019-8783 CVE-2019-8808 CVE-2019-8811
CVE-2019-8812 CVE-2019-8813 CVE-2019-8814
CVE-2019-8815 CVE-2019-8816 CVE-2019-8819
CVE-2019-8820 CVE-2019-8823 CVE-2019-8835
CVE-2019-8844 CVE-2019-8846 CVE-2019-11068
CVE-2019-13050 CVE-2019-13627 CVE-2019-14889
CVE-2019-15165 CVE-2019-15903 CVE-2019-16168
CVE-2019-16935 CVE-2019-18197 CVE-2019-19221
CVE-2019-19906 CVE-2019-19956 CVE-2019-20218
CVE-2019-20386 CVE-2019-20387 CVE-2019-20388
CVE-2019-20454 CVE-2019-20807 CVE-2019-20907
CVE-2019-20916 CVE-2020-1730 CVE-2020-1751
CVE-2020-1752 CVE-2020-1971 CVE-2020-3862
CVE-2020-3864 CVE-2020-3865 CVE-2020-3867
CVE-2020-3868 CVE-2020-3885 CVE-2020-3894
CVE-2020-3895 CVE-2020-3897 CVE-2020-3899
CVE-2020-3900 CVE-2020-3901 CVE-2020-3902
CVE-2020-6405 CVE-2020-7595 CVE-2020-8177
CVE-2020-8492 CVE-2020-9327 CVE-2020-9802
CVE-2020-9803 CVE-2020-9805 CVE-2020-9806
CVE-2020-9807 CVE-2020-9843 CVE-2020-9850
CVE-2020-9862 CVE-2020-9893 CVE-2020-9894
CVE-2020-9895 CVE-2020-9915 CVE-2020-9925
CVE-2020-10018 CVE-2020-10029 CVE-2020-11793
CVE-2020-13630 CVE-2020-13631 CVE-2020-13632
CVE-2020-14382 CVE-2020-14391 CVE-2020-14422
CVE-2020-15503 CVE-2020-24659 CVE-2020-28362
=====================================================================

1. Summary:

An update for compliance-content-container,
ose-compliance-openscap-container, ose-compliance-operator-container, and
ose-compliance-operator-metadata-container is now available for Red Hat
OpenShift Container Platform 4.6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

The compliance-operator image updates are now available for OpenShift
Container Platform 4.6.

This advisory provides the following updates among others:

* Enhances profile parsing time.
* Fixes excessive resource consumption from the Operator.
* Fixes default content image.
* Fixes outdated remediation handling.

Security Fix(es):

* golang: math/big: panic during recursive division of very large numbers
(CVE-2020-28362)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.6 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

  https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel
ease-notes.html

Details on how to access this content are available at
  https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
- -cli.html.

4. Bugs fixed (  https://bugzilla.redhat.com/):

1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1918990 - ComplianceSuite scans use quay content image for initContainer
1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present
1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules
1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console.

5. References:

  https://access.redhat.com/security/cve/CVE-2018-20843
  https://access.redhat.com/security/cve/CVE-2019-1551
  https://access.redhat.com/security/cve/CVE-2019-5018
  https://access.redhat.com/security/cve/CVE-2019-8625
  https://access.redhat.com/security/cve/CVE-2019-8710
  https://access.redhat.com/security/cve/CVE-2019-8720
  https://access.redhat.com/security/cve/CVE-2019-8743
  https://access.redhat.com/security/cve/CVE-2019-8764
  https://access.redhat.com/security/cve/CVE-2019-8766
  https://access.redhat.com/security/cve/CVE-2019-8769
  https://access.redhat.com/security/cve/CVE-2019-8771
  https://access.redhat.com/security/cve/CVE-2019-8782
  https://access.redhat.com/security/cve/CVE-2019-8783
  https://access.redhat.com/security/cve/CVE-2019-8808
  https://access.redhat.com/security/cve/CVE-2019-8811
  https://access.redhat.com/security/cve/CVE-2019-8812
  https://access.redhat.com/security/cve/CVE-2019-8813
  https://access.redhat.com/security/cve/CVE-2019-8814
  https://access.redhat.com/security/cve/CVE-2019-8815
  https://access.redhat.com/security/cve/CVE-2019-8816
  https://access.redhat.com/security/cve/CVE-2019-8819
  https://access.redhat.com/security/cve/CVE-2019-8820
  https://access.redhat.com/security/cve/CVE-2019-8823
  https://access.redhat.com/security/cve/CVE-2019-8835
  https://access.redhat.com/security/cve/CVE-2019-8844
  https://access.redhat.com/security/cve/CVE-2019-8846
  https://access.redhat.com/security/cve/CVE-2019-11068
  https://access.redhat.com/security/cve/CVE-2019-13050
  https://access.redhat.com/security/cve/CVE-2019-13627
  https://access.redhat.com/security/cve/CVE-2019-14889
  https://access.redhat.com/security/cve/CVE-2019-15165
  https://access.redhat.com/security/cve/CVE-2019-15903
  https://access.redhat.com/security/cve/CVE-2019-16168
  https://access.redhat.com/security/cve/CVE-2019-16935
  https://access.redhat.com/security/cve/CVE-2019-18197
  https://access.redhat.com/security/cve/CVE-2019-19221
  https://access.redhat.com/security/cve/CVE-2019-19906
  https://access.redhat.com/security/cve/CVE-2019-19956
  https://access.redhat.com/security/cve/CVE-2019-20218
  https://access.redhat.com/security/cve/CVE-2019-20386
  https://access.redhat.com/security/cve/CVE-2019-20387
  https://access.redhat.com/security/cve/CVE-2019-20388
  https://access.redhat.com/security/cve/CVE-2019-20454
  https://access.redhat.com/security/cve/CVE-2019-20807
  https://access.redhat.com/security/cve/CVE-2019-20907
  https://access.redhat.com/security/cve/CVE-2019-20916
  https://access.redhat.com/security/cve/CVE-2020-1730
  https://access.redhat.com/security/cve/CVE-2020-1751
  https://access.redhat.com/security/cve/CVE-2020-1752
  https://access.redhat.com/security/cve/CVE-2020-1971
  https://access.redhat.com/security/cve/CVE-2020-3862
  https://access.redhat.com/security/cve/CVE-2020-3864
  https://access.redhat.com/security/cve/CVE-2020-3865
  https://access.redhat.com/security/cve/CVE-2020-3867
  https://access.redhat.com/security/cve/CVE-2020-3868
  https://access.redhat.com/security/cve/CVE-2020-3885
  https://access.redhat.com/security/cve/CVE-2020-3894
  https://access.redhat.com/security/cve/CVE-2020-3895
  https://access.redhat.com/security/cve/CVE-2020-3897
  https://access.redhat.com/security/cve/CVE-2020-3899
  https://access.redhat.com/security/cve/CVE-2020-3900
  https://access.redhat.com/security/cve/CVE-2020-3901
  https://access.redhat.com/security/cve/CVE-2020-3902
  https://access.redhat.com/security/cve/CVE-2020-6405
  https://access.redhat.com/security/cve/CVE-2020-7595
  https://access.redhat.com/security/cve/CVE-2020-8177
  https://access.redhat.com/security/cve/CVE-2020-8492
  https://access.redhat.com/security/cve/CVE-2020-9327
  https://access.redhat.com/security/cve/CVE-2020-9802
  https://access.redhat.com/security/cve/CVE-2020-9803
  https://access.redhat.com/security/cve/CVE-2020-9805
  https://access.redhat.com/security/cve/CVE-2020-9806
  https://access.redhat.com/security/cve/CVE-2020-9807
  https://access.redhat.com/security/cve/CVE-2020-9843
  https://access.redhat.com/security/cve/CVE-2020-9850
  https://access.redhat.com/security/cve/CVE-2020-9862
  https://access.redhat.com/security/cve/CVE-2020-9893
  https://access.redhat.com/security/cve/CVE-2020-9894
  https://access.redhat.com/security/cve/CVE-2020-9895
  https://access.redhat.com/security/cve/CVE-2020-9915
  https://access.redhat.com/security/cve/CVE-2020-9925
  https://access.redhat.com/security/cve/CVE-2020-10018
  https://access.redhat.com/security/cve/CVE-2020-10029
  https://access.redhat.com/security/cve/CVE-2020-11793
  https://access.redhat.com/security/cve/CVE-2020-13630
  https://access.redhat.com/security/cve/CVE-2020-13631
  https://access.redhat.com/security/cve/CVE-2020-13632
  https://access.redhat.com/security/cve/CVE-2020-14382
  https://access.redhat.com/security/cve/CVE-2020-14391
  https://access.redhat.com/security/cve/CVE-2020-14422
  https://access.redhat.com/security/cve/CVE-2020-15503
  https://access.redhat.com/security/cve/CVE-2020-24659
  https://access.redhat.com/security/cve/CVE-2020-28362
  https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.