Headline
RHSA-2022:0024: Red Hat Security Advisory: OpenShift Container Platform 4.6.53 security update
Red Hat OpenShift Container Platform release 4.6.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-39241: haproxy: an HTTP method name may contain a space followed by the name of a protected resource
- CVE-2021-40346: haproxy: request smuggling attack or response splitting via duplicate content-length header
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-01-12
Updated:
2022-01-12
RHSA-2022:0024 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: OpenShift Container Platform 4.6.53 security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.6.53 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:0025
Security Fix(es):
- haproxy: an HTTP method name may contain a space followed by the name of
a protected resource (CVE-2021-39241)
- haproxy: request smuggling attack or response splitting via duplicate
content-length header (CVE-2021-40346)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
Affected Products
- Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
Fixes
- BZ - 1995107 - CVE-2021-39241 haproxy: an HTTP method name may contain a space followed by the name of a protected resource
- BZ - 2000599 - CVE-2021-40346 haproxy: request smuggling attack or response splitting via duplicate content-length header
- BZ - 2037401 - Placeholder bug for OCP 4.6.0 rpm release
Red Hat OpenShift Container Platform 4.6 for RHEL 8
SRPM
haproxy-2.0.16-4.el8.src.rpm
SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm
SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
x86_64
haproxy-debugsource-2.0.16-4.el8.x86_64.rpm
SHA-256: 3e2b4a37647fb062acf8fd46550dd28dfaaa5dc79a93ac9f6e6b2ba82f091200
haproxy20-2.0.16-4.el8.x86_64.rpm
SHA-256: 556ffb4049261d102805fffe0a13aeffb2ed9de8cdf329dc4f3b3b2fa693215a
haproxy20-debuginfo-2.0.16-4.el8.x86_64.rpm
SHA-256: e406ce92912236727d28e4250aee09cdb16e0ca360909e82f3cc152dc5babde7
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.x86_64.rpm
SHA-256: 45dd40654a2d45c8ba8ba13c03c0725b2839cb86eed7c405085a3f79f8899b31
Red Hat OpenShift Container Platform 4.6 for RHEL 7
SRPM
haproxy-2.0.16-2.el7.src.rpm
SHA-256: f02743a6cb838ad9ba4bcf87e2b4f1bb68d2d8c7c45e88d8d4c6d88d28b179af
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el7.src.rpm
SHA-256: 66a44333dabb9a2099dbc1b3061be36ba5623a5bfff0fc8ead3ad1a34649a4d0
x86_64
haproxy-debuginfo-2.0.16-2.el7.x86_64.rpm
SHA-256: e0cac0580652842217f71f88d6c4aea9909033c6f4829bc2b7a0d57bc136130c
haproxy20-2.0.16-2.el7.x86_64.rpm
SHA-256: 303bab128ea8e43881151ea40ef4138b67dc222fc1d856208330cd3b9b11f10c
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el7.x86_64.rpm
SHA-256: 5584bca7a585ce55b08fcea74c0373c73350f82c12f1c5dd6cf21a8731ad93ea
Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8
SRPM
haproxy-2.0.16-4.el8.src.rpm
SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm
SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
ppc64le
haproxy-debugsource-2.0.16-4.el8.ppc64le.rpm
SHA-256: 43b0aa193260435c1a91a06453f25a2b13e8f59de3ca27a55bb69a023c29be35
haproxy20-2.0.16-4.el8.ppc64le.rpm
SHA-256: 05a6aaa7134629e16bc6e81ee2a4aa674852512cea3cabc8045518d30ce25454
haproxy20-debuginfo-2.0.16-4.el8.ppc64le.rpm
SHA-256: a6904e413dee6d2181b6fba59265e8d5cb6acd7d2c476a9c8a4db5571cb9ee4b
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.ppc64le.rpm
SHA-256: 1011a6bf83ccb4978387aa11dc9fac8d1cdd09def726764864913bdfd6b81968
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8
SRPM
haproxy-2.0.16-4.el8.src.rpm
SHA-256: 5491fb512b092ac605b0cfe584aa6eddf8c8131de12c41de4ceac5839d67a6b0
openshift-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.src.rpm
SHA-256: b126adc54c85c617d78fd3d9cb2293f4e816180261b9b5754763cbbd77663b1a
s390x
haproxy-debugsource-2.0.16-4.el8.s390x.rpm
SHA-256: 95326aac82d96dcaaa04ae97fe4bbda0c20484039bbec73fdf23a444ac4cbb14
haproxy20-2.0.16-4.el8.s390x.rpm
SHA-256: 5e6d555d54c05bee8af00447a6ee212af9633a98ad21ecd379994ba7021eb48e
haproxy20-debuginfo-2.0.16-4.el8.s390x.rpm
SHA-256: 923eed8ed9c9fb5a59eadb1070c2ddd70175eabe9ebf799b83c45c5eb4cb4a01
openshift-hyperkube-4.6.0-202112092023.p0.g845f228.assembly.stream.el8.s390x.rpm
SHA-256: 29807970df3f077ff0faf59e5c51eb30e7a4565471de0b28cc6b06672e6fed79
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.