RHSA-2022:0114: Red Hat Security Advisory: OpenShift Container Platform 4.7.41 security update

Red Hat OpenShift Container Platform release 4.7.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-39241: haproxy: an HTTP method name may contain a space followed by the name of a protected resource
  • CVE-2021-40346: haproxy: request smuggling attack or response splitting via duplicate content-length header

Issued: 2022-01-19

Updated: 2022-01-19

RHSA-2022:0114 - Security Advisory

Synopsis

Moderate: OpenShift Container Platform 4.7.41 security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.7.41 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2022:0117

Security Fix(es):

  • haproxy: an HTTP method name may contain a space followed by the name of a protected resource (CVE-2021-39241)
  • haproxy: request smuggling attack or response splitting via duplicate content-length header (CVE-2021-40346)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Affected Products

  • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x

Fixes

  • BZ - 1995107 - CVE-2021-39241 haproxy: an HTTP method name may contain a space followed by the name of a protected resource
  • BZ - 2000599 - CVE-2021-40346 haproxy: request smuggling attack or response splitting via duplicate content-length header

Red Hat OpenShift Container Platform 4.7 for RHEL 8

SRPM

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.src.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.src.rpm

haproxy-2.0.19-2.el8.src.rpm

openshift-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.src.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.src.rpm

openshift-kuryr-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.src.rpm

x86_64

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.x86_64.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.x86_64.rpm

cri-o-debuginfo-1.20.6-5.rhaos4.7.git8594c20.el8.x86_64.rpm

cri-o-debugsource-1.20.6-5.rhaos4.7.git8594c20.el8.x86_64.rpm

haproxy-debugsource-2.0.19-2.el8.x86_64.rpm

haproxy20-2.0.19-2.el8.x86_64.rpm

haproxy20-debuginfo-2.0.19-2.el8.x86_64.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.x86_64.rpm

openshift-clients-redistributable-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.x86_64.rpm

openshift-hyperkube-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.x86_64.rpm

openshift-kuryr-cni-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-common-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-controller-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

python3-kuryr-kubernetes-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

Red Hat OpenShift Container Platform 4.7 for RHEL 7

SRPM

cri-o-1.20.6-5.rhaos4.7.git8594c20.el7.src.rpm

haproxy-2.0.19-2.el7.src.rpm

openshift-4.7.0-202201082234.p0.ge880017.assembly.stream.el7.src.rpm

openshift-ansible-4.7.0-202201082234.p0.g4a5273a.assembly.stream.el7.src.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el7.src.rpm

x86_64

cri-o-1.20.6-5.rhaos4.7.git8594c20.el7.x86_64.rpm

cri-o-debuginfo-1.20.6-5.rhaos4.7.git8594c20.el7.x86_64.rpm

haproxy-debuginfo-2.0.19-2.el7.x86_64.rpm

haproxy20-2.0.19-2.el7.x86_64.rpm

openshift-ansible-4.7.0-202201082234.p0.g4a5273a.assembly.stream.el7.noarch.rpm

openshift-ansible-test-4.7.0-202201082234.p0.g4a5273a.assembly.stream.el7.noarch.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el7.x86_64.rpm

openshift-clients-redistributable-4.7.0-202201082234.p0.g25914b8.assembly.stream.el7.x86_64.rpm

openshift-hyperkube-4.7.0-202201082234.p0.ge880017.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8

SRPM

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.src.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.src.rpm

haproxy-2.0.19-2.el8.src.rpm

openshift-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.src.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.src.rpm

openshift-kuryr-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.src.rpm

ppc64le

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.ppc64le.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.ppc64le.rpm

cri-o-debuginfo-1.20.6-5.rhaos4.7.git8594c20.el8.ppc64le.rpm

cri-o-debugsource-1.20.6-5.rhaos4.7.git8594c20.el8.ppc64le.rpm

haproxy-debugsource-2.0.19-2.el8.ppc64le.rpm

haproxy20-2.0.19-2.el8.ppc64le.rpm

haproxy20-debuginfo-2.0.19-2.el8.ppc64le.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.ppc64le.rpm

openshift-hyperkube-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.ppc64le.rpm

openshift-kuryr-cni-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-common-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-controller-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

python3-kuryr-kubernetes-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8

SRPM

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.src.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.src.rpm

haproxy-2.0.19-2.el8.src.rpm

openshift-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.src.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.src.rpm

openshift-kuryr-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.src.rpm

s390x

atomic-openshift-service-idler-4.7.0-202201082234.p0.g39cfc66.assembly.stream.el8.s390x.rpm

cri-o-1.20.6-5.rhaos4.7.git8594c20.el8.s390x.rpm

cri-o-debuginfo-1.20.6-5.rhaos4.7.git8594c20.el8.s390x.rpm

cri-o-debugsource-1.20.6-5.rhaos4.7.git8594c20.el8.s390x.rpm

haproxy-debugsource-2.0.19-2.el8.s390x.rpm

haproxy20-2.0.19-2.el8.s390x.rpm

haproxy20-debuginfo-2.0.19-2.el8.s390x.rpm

openshift-clients-4.7.0-202201082234.p0.g25914b8.assembly.stream.el8.s390x.rpm

openshift-hyperkube-4.7.0-202201082234.p0.ge880017.assembly.stream.el8.s390x.rpm

openshift-kuryr-cni-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-common-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

openshift-kuryr-controller-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

python3-kuryr-kubernetes-4.7.0-202201082234.p0.g72de60e.assembly.stream.el8.noarch.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
