Headline
RHSA-2022:1025: Red Hat Security Advisory: OpenShift Container Platform 4.10.6 security update
Red Hat OpenShift Container Platform release 4.10.6 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2022-25181 CVE-2022-25182 CVE-2022-25183 CVE-2022-25176 CVE-2022-25177 CVE-2022-25178 CVE-2022-25179 CVE-2022-25180 CVE-2022-25184This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-25173: workflow-cps: OS command execution through crafted SCM contents
- CVE-2022-25174: workflow-cps-global-lib: OS command execution through crafted SCM contents
- CVE-2022-25175: workflow-multibranch: OS command execution through crafted SCM contents
- CVE-2022-25176: workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names
- CVE-2022-25177: workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
- CVE-2022-25178: workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
- CVE-2022-25179: workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
- CVE-2022-25180: workflow-cps: Password parameters are included from the original build in replayed builds
- CVE-2022-25181: workflow-cps-global-lib: Sandbox bypass vulnerability
- CVE-2022-25182: workflow-cps-global-lib: Sandbox bypass vulnerability
- CVE-2022-25183: workflow-cps-global-lib: Sandbox bypass vulnerability
- CVE-2022-25184: pipeline-build-step: Password parameter default values exposed
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-28
Updated:
2022-03-28
RHSA-2022:1025 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: OpenShift Container Platform 4.10.6 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
Red Hat OpenShift Container Platform release 4.10.6 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
CVE-2022-25181 CVE-2022-25182 CVE-2022-25183 CVE-2022-25176 CVE-2022-25177 CVE-2022-25178 CVE-2022-25179 CVE-2022-25180 CVE-2022-25184
Description
Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.6. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:1026
Security Fix(es):
- workflow-cps: OS command execution through crafted SCM contents
(CVE-2022-25173)
- workflow-cps-global-lib: OS command execution through crafted SCM
contents (CVE-2022-25174)
- workflow-multibranch: OS command execution through crafted SCM contents
(CVE-2022-25175)
- workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25181)
- workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25182)
- workflow-cps-global-lib: Sandbox bypass vulnerability (CVE-2022-25183)
- workflow-cps: Pipeline-related plugins follow symbolic links or do not
limit path names (CVE-2022-25176)
- workflow-cps-global-lib: Pipeline-related plugins follow symbolic links
or do not limit path names (CVE-2022-25177)
- workflow-cps-global-lib: Pipeline-related plugins follow symbolic links
or do not limit path names (CVE-2022-25178)
- workflow-multibranch: Pipeline-related plugins follow symbolic links or
do not limit path names (CVE-2022-25179)
- workflow-cps: Password parameters are included from the original build in
replayed builds (CVE-2022-25180)
- pipeline-build-step: Password parameter default values exposed
(CVE-2022-25184)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Affected Products
- Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
- Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
- Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
Fixes
- BZ - 2055719 - CVE-2022-25175 workflow-multibranch: OS command execution through crafted SCM contents
- BZ - 2055733 - CVE-2022-25173 workflow-cps: OS command execution through crafted SCM contents
- BZ - 2055734 - CVE-2022-25174 workflow-cps-global-lib: OS command execution through crafted SCM contents
- BZ - 2055787 - CVE-2022-25176 workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names
- BZ - 2055788 - CVE-2022-25177 workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
- BZ - 2055789 - CVE-2022-25178 workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names
- BZ - 2055792 - CVE-2022-25179 workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names
- BZ - 2055795 - CVE-2022-25180 workflow-cps: Password parameters are included from the original build in replayed builds
- BZ - 2055797 - CVE-2022-25181 workflow-cps-global-lib: Sandbox bypass vulnerability
- BZ - 2055798 - CVE-2022-25182 workflow-cps-global-lib: Sandbox bypass vulnerability
- BZ - 2055802 - CVE-2022-25183 workflow-cps-global-lib: Sandbox bypass vulnerability
- BZ - 2055804 - CVE-2022-25184 pipeline-build-step: Password parameter default values exposed
CVEs
- CVE-2022-25173
- CVE-2022-25174
- CVE-2022-25175
- CVE-2022-25176
- CVE-2022-25177
- CVE-2022-25178
- CVE-2022-25179
- CVE-2022-25180
- CVE-2022-25181
- CVE-2022-25182
- CVE-2022-25183
- CVE-2022-25184
Red Hat OpenShift Container Platform 4.10 for RHEL 8
SRPM
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.src.rpm
SHA-256: faa59de15b1656b492fabc4d27fd7139dbaeb4461680a5a12717b475128e43b3
jenkins-2-plugins-4.10.1647505461-1.el8.src.rpm
SHA-256: cf6e625a848750ee00c27c7bb912613455db6885bfb3ce4232a16cd2864d159b
openshift-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.src.rpm
SHA-256: 090d76c3db861dfd6d7389afe796e8ea6caa8a4fe3d490f887a59196cac77db6
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.src.rpm
SHA-256: 99e676cf3a8d4cb11ecb873b93fdcd6ec4259a5933f436f9e437af849ad3007d
x86_64
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.x86_64.rpm
SHA-256: 11fadf645916dbb89dd98b7979f6767023382412b50158774d392e6e3c936ad0
cri-o-debuginfo-1.23.2-2.rhaos4.10.git071ae78.el8.x86_64.rpm
SHA-256: bb3e20b2e4eab1f7abffe1cf8b2b7c1b4a049124a91b4738b86462c80817f52f
cri-o-debugsource-1.23.2-2.rhaos4.10.git071ae78.el8.x86_64.rpm
SHA-256: 6457a1a531ba61d3e0f93bffd514c416726f7dcb1fb301c7e33451b75263d56c
jenkins-2-plugins-4.10.1647505461-1.el8.noarch.rpm
SHA-256: 09212cdf5b04afc899c87684fa1a5e3fb961d3970d699392544237107fbf6f37
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.x86_64.rpm
SHA-256: d5149d1d61f34a7fc9db393f955017312d9501b62c859c4a7c608aedfaa7ac9a
openshift-clients-redistributable-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.x86_64.rpm
SHA-256: 110500950206fc0de89af74c34005f2e5e9cb0247b290e6fe31c6b0f90b8d366
openshift-hyperkube-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.x86_64.rpm
SHA-256: e523c256c13b388cd474ba34077ac56d1ecc5c53105d543d353870e5c36a8c8e
Red Hat OpenShift Container Platform 4.10 for RHEL 7
SRPM
openshift-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el7.src.rpm
SHA-256: 2ca5dac79616d7eff7edf2446b5d5b22a116c55ed33e09604aa5f87f40d3408d
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el7.src.rpm
SHA-256: 901e08a0edaa41d83a5fec063c60f58e30d909ef21061586c208a329d9c27a15
x86_64
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el7.x86_64.rpm
SHA-256: 11d870566947d00db1e9101baf3344f60e089e9cd299a0ab44f900b72d18302e
openshift-clients-redistributable-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el7.x86_64.rpm
SHA-256: 5cd7e2d5f4aa6282d59bb61b87ebf9786f9b638d356495e8e4fc2f1fa0411894
openshift-hyperkube-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el7.x86_64.rpm
SHA-256: b661bdeb022e5f273c699035c188c6bb80ba20bbb0cea794b5bba8edff742c63
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8
SRPM
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.src.rpm
SHA-256: faa59de15b1656b492fabc4d27fd7139dbaeb4461680a5a12717b475128e43b3
jenkins-2-plugins-4.10.1647505461-1.el8.src.rpm
SHA-256: cf6e625a848750ee00c27c7bb912613455db6885bfb3ce4232a16cd2864d159b
openshift-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.src.rpm
SHA-256: 090d76c3db861dfd6d7389afe796e8ea6caa8a4fe3d490f887a59196cac77db6
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.src.rpm
SHA-256: 99e676cf3a8d4cb11ecb873b93fdcd6ec4259a5933f436f9e437af849ad3007d
ppc64le
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.ppc64le.rpm
SHA-256: d307a4d6be1b0ec0f3e6857c83b9872866d9c102d2054cc016d99502024e1f7a
cri-o-debuginfo-1.23.2-2.rhaos4.10.git071ae78.el8.ppc64le.rpm
SHA-256: 4de28a96cb5606b5970613e6875a5999a96c839f80fafee5ac982e7d75101ad0
cri-o-debugsource-1.23.2-2.rhaos4.10.git071ae78.el8.ppc64le.rpm
SHA-256: 3f325124107676562748896e95cfe8aec0118be42b9ca7a0ffa8579b840e89dd
jenkins-2-plugins-4.10.1647505461-1.el8.noarch.rpm
SHA-256: 09212cdf5b04afc899c87684fa1a5e3fb961d3970d699392544237107fbf6f37
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.ppc64le.rpm
SHA-256: 5cb0289d29298df80a31f2c4e32ea8436f705670a9684b29fd8a86aa4aa76c53
openshift-hyperkube-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.ppc64le.rpm
SHA-256: 81f6f06dcdc067449b6d33c5248ca64292ef0f2080f44f8dd407a7703191afc5
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8
SRPM
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.src.rpm
SHA-256: faa59de15b1656b492fabc4d27fd7139dbaeb4461680a5a12717b475128e43b3
jenkins-2-plugins-4.10.1647505461-1.el8.src.rpm
SHA-256: cf6e625a848750ee00c27c7bb912613455db6885bfb3ce4232a16cd2864d159b
openshift-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.src.rpm
SHA-256: 090d76c3db861dfd6d7389afe796e8ea6caa8a4fe3d490f887a59196cac77db6
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.src.rpm
SHA-256: 99e676cf3a8d4cb11ecb873b93fdcd6ec4259a5933f436f9e437af849ad3007d
s390x
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.s390x.rpm
SHA-256: 9fa96f7e9badf59c901a21479e39ffb7603d09421c45c960067cd0269dae2c04
cri-o-debuginfo-1.23.2-2.rhaos4.10.git071ae78.el8.s390x.rpm
SHA-256: ced1f8311f210790c375fde77fb460b839a91249caf965644890850ce36d4768
cri-o-debugsource-1.23.2-2.rhaos4.10.git071ae78.el8.s390x.rpm
SHA-256: 4cfa5d8cb56b5bb6fe7ef174a86ff707afe40f00eccd1def866ced8e1a37f983
jenkins-2-plugins-4.10.1647505461-1.el8.noarch.rpm
SHA-256: 09212cdf5b04afc899c87684fa1a5e3fb961d3970d699392544237107fbf6f37
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.s390x.rpm
SHA-256: 11ad3f4ba855eb47bb5369eeb669734cc65f26fdb77c95ff2135d31e3bb0fc92
openshift-hyperkube-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.s390x.rpm
SHA-256: c7b39c3a92a4b3b1343f6b2f131e25f646301ae1edb7362007fbc8b0e9d4a9ab
Red Hat OpenShift Container Platform for ARM 64 4.10
SRPM
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.src.rpm
SHA-256: faa59de15b1656b492fabc4d27fd7139dbaeb4461680a5a12717b475128e43b3
jenkins-2-plugins-4.10.1647505461-1.el8.src.rpm
SHA-256: cf6e625a848750ee00c27c7bb912613455db6885bfb3ce4232a16cd2864d159b
openshift-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.src.rpm
SHA-256: 090d76c3db861dfd6d7389afe796e8ea6caa8a4fe3d490f887a59196cac77db6
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.src.rpm
SHA-256: 99e676cf3a8d4cb11ecb873b93fdcd6ec4259a5933f436f9e437af849ad3007d
aarch64
cri-o-1.23.2-2.rhaos4.10.git071ae78.el8.aarch64.rpm
SHA-256: 9dc9f72ba68a4af93814ea23769de71ae5f7af34a58ab53736fa783df8aae5e6
cri-o-debuginfo-1.23.2-2.rhaos4.10.git071ae78.el8.aarch64.rpm
SHA-256: d3ab0e2379df4def5ca0be0887ed0a7ff89f38dbd465fb5a2db3a73d63ec6bd6
cri-o-debugsource-1.23.2-2.rhaos4.10.git071ae78.el8.aarch64.rpm
SHA-256: 016266cd1df3667458f49f8bd0ff57b67b9ff7cee9d6e65eae2f004c08c35f48
jenkins-2-plugins-4.10.1647505461-1.el8.noarch.rpm
SHA-256: 09212cdf5b04afc899c87684fa1a5e3fb961d3970d699392544237107fbf6f37
openshift-clients-4.10.0-202203170916.p0.g6de42bd.assembly.stream.el8.aarch64.rpm
SHA-256: df049d204aca34fc90550f3be188f5ad2f0cb03651d160b61a41a5c95098c882
openshift-hyperkube-4.10.0-202203211237.p0.gb0357ed.assembly.stream.el8.aarch64.rpm
SHA-256: f11f7c551103e864c7352f99559fc1e701b68c81d9db98783f8e36c258a19f89
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.