Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0

**.NET Driver Version 2.19.0 Release Notes**

This is the general availability release for the 2.19.0 version of the driver.

The main new features in 2.19.0 include:

*   Atlas Search builders
*   Default LinqProvider changed to LINQ3
*   ObjectSerializer allowed types configuration
*   Bucket and BucketAuto stages support in LINQ3
*   Support Azure VM-assigned Managed Identity for Automatic KMS Credentials
*   Native support for AWS IAM Roles

This version addresses CVE-2022-48282.

**ObjectSerializer allowed types configuration**

The ObjectSerializer has been changed to only allow deserialization of types that are considered safe.  
What types are considered safe is determined by a new configurable AllowedTypes function (of type Func<Type, bool>).  
The default AllowedTypes function is ObjectSerializer.DefaultAllowedTypes which returns true for a number of well-known framework types that we have deemed safe.  
A typical example might be to allow all the default allowed types as well as your own types. This could be accomplished as follows:

    var objectSerializer = new ObjectSerializer(type => ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith("MyNamespace"));
    BsonSerializer.RegisterSerializer(objectSerializer);
    

More information about the ObjectSerializer is available in our FAQ.

**Default LinqProvider changed to LINQ3**

Default LinqProvider has been changed to LINQ3.  
LinqProvider can be changed back to LINQ2 in the following way:

    var connectionString = "mongodb://localhost";
    var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
    clientSettings.LinqProvider = LinqProvider.V2;
    var client = new MongoClient(clientSettings);
    

If you encounter a bug in LINQ3 provider, please report it in CSHARP JIRA project.

An online version of these release notes is available here.

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

CVE-2022-48282: Release NET Driver Version 2.19.0 Release Notes · mongodb/mongo-csharp-driver

**Welcome to MongoDB's Issue Tracker****I am a customer. Where do I create a Support case?**

*   MongoDB customers should always use the Support Portal to obtain the fastest response and ensure privacy.
*   MongoDB Cloud Manager or MongoDB Atlas customers should follow the Help link in Cloud Manager/ Atlas to create a ticket in the Support Portal.
*   Please note: MongoDB Support no longer utilizes JIRA. Tickets opened via JIRA will not alert the Support Team and will not trigger any SLA timers.

**I am not a customer. Where should I ask general product or support questions?**

MongoDB team members are active in community forums and you can also benefit from the experience of other MongoDB users. You should also consult our excellent documentation.

*   For general questions or community support use the MongoDB Community forums.
*   StackExchange also has several sites with MongoDB topics:
    *   Stack Overflow (programming questions)
    *   DBA StackExchange (database administration questions)
    *   ServerFault (server and networking questions)

**How do I create a feature request?**

All MongoDB users can share your ideas via the MongoDB Feedback Engine.

**Which JIRA project should I use to report bugs?**

*   To report potential bugs in the MongoDB database server, use Core Server (SERVER).  
*   For language-specific drivers (Java, C++, etc.), create a ticket for the relevant language driver.
*   To report a product security vulnerability, use SECURITY, a confidential space private to you and our development team.
*   Unless otherwise specified, comments and attachments in public projects will be visible to the public.

**How can I follow or upvote an existing issue in JIRA?**

If an issue already exists:

*   Vote for that issue to show your support. Voting provides a helpful signal to help prioritize issues in the product/development roadmap.
*   Watch an issue to subscribe to any future updates such as comments or changes in status.

**Tips for creating issues**

The more information you can provide, the easier it is for us to diagnose problems and provide support:

*   Search to find if the issue you are reporting has been reported previously
*   Include any statement or command that reproduces the issue you are experiencing
*   Mention the specific version of the database, client, and driver you are using
*   Include details about your environment, e.g. O/S, software platform, hardware, etc.

**Receive release announcements from MongoDB**

Sign up to be added to our product release announcements mailing list. You'll receive notifications when new versions of MongoDB Enterprise Advanced, the BI Connector, Compass and Ops Manager become available.

CVE-2022-48282: System Dashboard - MongoDB Jira

Red Hat Security Advisory 2023-0769-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.4 security update  
Advisory ID:       RHSA-2023:0769-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0769  
Issue date:        2023-02-20  
CVE Names:         CVE-2014-3577 CVE-2021-21684 CVE-2021-41190  
                   CVE-2021-41772 CVE-2021-44716 CVE-2021-44717  
                   CVE-2022-0532 CVE-2022-2879 CVE-2022-2880  
                   CVE-2022-4337 CVE-2022-4338 CVE-2022-23521  
                   CVE-2022-41715 CVE-2022-41717 CVE-2022-41903  
                   CVE-2022-47629  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.12.4 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  
Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:bbf1f27e5942a2f7a0f298606029d10600ba0462a09ab654f006ce14d314cb2c

(For s390x architecture)  
The image digest is  
sha256:12e389281c05ba0589197af676dd460f668da162181cb8f3edb8f27101d14c39

(For ppc64le architecture)  
The image digest is  
sha256:853c1577bcb33350c0c19a535c14965bdeee4c6a471dd988f08ae241b866c8fc

(For aarch64 architecture)  
The image digest is  
sha256:2a7f99c2814704b2bbb1ba4c06ce87c50384f87fb120b71d02a2f6bca8c867c6

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2091214 - Pods are unable to start due to error "Failed to set quota limit for projid xxxxx on /var/lib/containers/storage/overlay/backingFsBlockDev: no such file or directory  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-4778 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely  
OCPBUGS-6260 - Catalog, fatal error: concurrent map read and map write  
OCPBUGS-6637 - [4.12] Can't reach own service when egress netpol are enabled  
OCPBUGS-6779 - WebScale: configure-ovs.sh fails because it picks the wrong default interface  
OCPBUGS-6788 - [vsphere-problem-detector] fully qualified username must be used when checking permissions  
OCPBUGS-6807 - Platform baremetal warnings during create image when fields not defined  
OCPBUGS-6973 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1  
OCPBUGS-7044 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy  
OCPBUGS-7208 - When setting allowedRegistries urls the openshift-samples operator is degraded  
OCPBUGS-7227 - update sdn 4.12 branch build config  
OCPBUGS-7230 - [4.12] Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1  
OCPBUGS-7285 - [4.12] Hypershift failing new SCC conformance tests

6. References:

https://access.redhat.com/security/cve/CVE-2014-3577  
https://access.redhat.com/security/cve/CVE-2021-21684  
https://access.redhat.com/security/cve/CVE-2021-41190  
https://access.redhat.com/security/cve/CVE-2021-41772  
https://access.redhat.com/security/cve/CVE-2021-44716  
https://access.redhat.com/security/cve/CVE-2021-44717  
https://access.redhat.com/security/cve/CVE-2022-0532  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/QQRNzjgjWX9erEAQgSOg//X7f2TGGu+9SGJCXbkC0rBIsdRf/aM1/H  
fsRNTFpc/HiiINd6kxVt1NoyoJm02AnBS5KwrvfisRqvSl6B1Rj0urzyNeY4LA0z  
/C5pmO+3Xxd9d5tp+5KY66pdeos9UHhhG/WDwHq7Qnn97eJZ2ZMRFxgTc57fV2GW  
gXBFxu3jrzJRZWTE8kTcthXpffS8/S4BaoTFhS/sjupaSoxgnHjAPqlyhuIYSTLI  
0osCot2bmjI8K6Mr6jR4+HdXPkcYaBAbk1GikKETlNyout9Z/X8c9XwrWEEF4NcD  
zbsEwdzFI1s4l2m69EmJrRui5fwfzGg5PHu6Ok8wLzEyJTspfUit+K0V42bpz3PC  
J3E9yQyWv7pdvLq724tbdsHGjHpBS894zw6IAZ+7k95NjDclfHC+Zfx+OnkxlFzj  
Vjmk3spSMgiZh5micIdg8mhXh7k97quSNeBVmvAQTFkFUYWsKnOwcZ+CFyMC+Qmx  
IZGpbqnkBw4WJc9BsRY4eBRzORjSiUPnjm9Sgp83n8m2aaofWM/TBHRo9bsiq6wS  
xD94FcGf97KneKlBIM8e5NI9lGPn9CrSYaCVx2fm0DU2ViVJTMpiKHJbf7g1bRa7  
1T4tFZpspI0JPTUMikTc4PcDh7kCcKN4iLiMMCut1VsLSgWEOOSkDRX+yWQz5bIy  
39M8aVmxsyYÊUn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0769-01

Red Hat Security Advisory 2023-0772-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.12.4.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.4 security update  
Advisory ID:       RHSA-2023:0772-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0772  
Issue date:        2023-02-20  
CVE Names:         CVE-2022-3162  
====================================================================  
1. Summary:

Red Hat build of MicroShift release 4.12.4 is now available with updates to  
packages and images that fix several bugs.

This release includes a security update for the Red Hat build of MicroShift  
4.12.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.12 - noarch, x86_64

3. Description:

Red Hat build of MicroShift is Red Hat's light-weight Kubernetes  
orchestration solution designed for edge device deployments and is built  
from the edge capabilities of Red Hat OpenShift. MicroShift is an  
application that is deployed on top of Red Hat Enterprise Linux devices at  
the edge, providing an efficient way to operate single-node clusters in  
these low-resource environments.

This advisory contains the RPM packages for Red Hat build of MicroShift  
4.12.4. See the following advisory for the container images for this  
release:

https://access.redhat.com/errata/RHSA-2023:0769

Security Fix(es):

* kubernetes: Unauthorized read of Custom Resources (CVE-2022-3162)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section. All the bug fixes may not be  
documented in this advisory. See the following release notes documentation  
for details about these changes:

https://access.redhat.com/documentation/en-us/microshift/4.12/html/release_notes/index

All Red Hat build of MicroShift 4.12 users are advised to use these updated  
packages and images when they are available in the RPM repository.

4. Solution:

MicroShift 4.12.4 - RPMs

For MicroShift 4.12, read the following documentation, which will be  
updated shortly for this release, for important instructions on how to  
install the latest RPMs and fully apply this asynchronous errata update:

https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.12/html/release_notes/index

5. Bugs fixed (https://bugzilla.redhat.com/):

2136673 - CVE-2022-3162 kubernetes: Unauthorized read of Custom Resources

6. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-6908 - service configured with a nodeport can't be reached until after restart of ovnkube-master

7. Package List:

Red Hat OpenShift Container Platform 4.12:

Source:  
microshift-4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8.src.rpm

noarch:  
microshift-release-info-4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8.noarch.rpm  
microshift-selinux-4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8.noarch.rpm

x86_64:  
microshift-4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8.x86_64.rpm  
microshift-networking-4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-3162  
https://access.redhat.com/security/updates/classification/#moderate

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/QQRtzjgjWX9erEAQil4g/8Ctp6xfZH+kkUe21eQL2T/Sq+ISc0iEfP  
imodLD2QPMLsxUrZsupgSFE18qwnFENuCogevdAKQS2wFfc496344VFZ2z1Ur7m0  
oiBwz4tNqePNlKlQSaf3Dxv4YxaZlzloMWA3+CF+qd2OP+1O38IxyQtTxhKr3V4l  
OWDPB+mRmWEmhGu3DHSdKldsmdllsgfZVh6q2exEx9JuHtgDcROL+NGzX2lrAQgS  
JJcPooYTWNKUx2IGqnsNht+enLnnewRp9Y4axYoq01Udl9RUaTXZCgeCoSIe6c87  
iixKbL98kthNw9LsmocNqO1jcmulsGkuVpFNR14gChHwRzCCXe8pqj6iT0YfB+Jx  
ykZlq2ino0qzMqnNeFnTowRhRSzZl+gusemLnPMyPXcVLhWd2+PWefqk43dKxSB3  
/qr9SY1v9pm1XbSwiOrwVh64mkmkSigg88FFpgrhqafz/jTjJQ0JHOBC42Eg2q0i  
D9o/uNXP6zyA6BfCeZQRs95M5mZHiIrbK3sb3fKFjGGH/rfHNTveFPOCajCJE9Dh  
r72n5Xr/YA9GZvkYqcFv0WSXdVFDODPTdSktMwgXfaBNk5J1N6vP8xTz/lC0hnq/  
If2joycbJ6AorEi4oiA6BRVJvvpFQb7iYm2cdduIXOd2dWQ+fZ0xWmggspt812bX  
Wfs1GMTlNIk=UrNr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0772-01

Red Hat Security Advisory 2023-0728-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.3.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.3 security update  
Advisory ID:       RHSA-2023:0728-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0728  
Issue date:        2023-02-16  
CVE Names:         CVE-2021-4238 CVE-2022-41717   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.3 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.3. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:0727

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

      The sha values for the release are

      (For x86_64 architecture)  
The image digest is  
sha256:382f271581b9b907484d552bd145e9a5678e9366330059d31b007f4445d99e36

      (For s390x architecture)  
The image digest is  
sha256:529e7aa3a821892575abeecd4971dff194f48943ce364a01d93c599c27d2ef9c

      (For ppc64le architecture)  
The image digest is  
sha256:8db6cb445bdf1534860a1a47f8c50bc73d99dfdd196f06184acbcea5d7bc112f

      (For aarch64 architecture)  
The image digest is  
sha256:4657924fc2720f48932dec10380428804e9d82194f8ac748b7329f7c18021ef8

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-213 - base image quay.io/operator-framework/ansible-operator. After moving to tag v1.20.0, it breaks the task to update k8s_status in an FIPS enabled cluster   
OCPBUGS-2210 - ZTP with converged flow is too slow  
OCPBUGS-298 - Make ovnkube-trace work on hypershift deployments  
OCPBUGS-3095 - IPI for Power VS: Deploy fails when there is are certain preexisting resources  
OCPBUGS-3399 - ovn-k behaviour for service CIDR that doesn't match existing svc ip+port  
OCPBUGS-3941 - Whereabouts CNI timesout while iterating exclude range [backport 4.12]  
OCPBUGS-4238 - Hosted ovnkubernetes pods are not being spread among workers evenly  
OCPBUGS-4281 - Metrics are not available when running console in development mode  
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled  
OCPBUGS-5093 - After entering valid git repo url on Import from git page, throwing warning message instead Validated  
OCPBUGS-5841 - [4.12] Modifying node_mgmt_port_netdev_flags on OVN-K node will crash  
OCPBUGS-5960 - [4.12] Bootimage bump tracker  
OCPBUGS-5996 - [vsphere] installation errors out when missing topology in a failure domain  
OCPBUGS-6066 - Released operator versions are disappearing  
OCPBUGS-6076 - AMQ reconnect for 7 minutes  floods linuxptp daemon with socket connection error  
OCPBUGS-6085 - Editing Pipeline in the ocp console to get information error  
OCPBUGS-6494 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network  
OCPBUGS-6669 - Do not show UpdateInProgress when status is Failing  
OCPBUGS-6703 - oc-mirror heads-only does not work with target name  
OCPBUGS-6758 - `create a project` link not backed by RBAC check  
OCPBUGS-6764 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered  
OCPBUGS-6766 - "Delete dependent objects of this resource" might cause confusions  
OCPBUGS-6805 - MCO reconcile fails if user replace the pull secret to empty one  
OCPBUGS-6823 - [release-4.12] Egress FW ACL rules are invalid in dualstack mode  
OCPBUGS-6850 - admin ack test nondeterministically does a check post-upgrade  
OCPBUGS-6913 - PipelineRun task status overlaps status text  
OCPBUGS-6928 - Update OWNERS_ALIASES in release-4.12 branch  
OCPBUGS-6969 - User Preferences - Applications : Resource type drop-down i18n misses  
OCPBUGS-6997 - Update 4.12 ose-machine-config-operator image to be consistent with ART  
OCPBUGS-7025 - Bundle Unpacker Using "Always" ImagePullPolicy for digests  
OCPBUGS-7103 - Agent ISO does not respect proxy settings

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+7KQtzjgjWX9erEAQiMxRAAhNd1a5zjOKI7HsdHjAAnON9zEuxOn1tn  
VW+fAYkyUgQRIrTrXyabzAgf4mJmy6YeKxYJiWCDmQGAkfTZb9QvfHm8rJQCJ4Zk  
lI6aVAlkouPHk5HAY10yV1rPmRPeWviycfljtPZ+fXrR7KDY61JWEt/VFN8F/zt8  
cJ1uM7NmOUndLDfttHlEj2a35a6iBJxAtTJ9e2/s+3HqTNiiQzT9ghkeyJnUUglB  
g5aHttjkL6blxnIjeeSytUCmRS0CpqMAUdyfQft2zLM0vN58JPChy/t14acEaKQ/  
+MqVRtjPI6NtmLWu6WCwuhMqU0BLFVKp8nk7Ue1tvnyC/egBpD9mjM9sxD5SrRg1  
wFMXgQ17tioPdValyakjxc3+I9GdNu6mKD7AaqKIlZxmFZoR5kCH3pykuw2Pcx9i  
/4b2iLc4USyMJSAssuoLhljS/3jli5VZRLSm2LEOCchAjo1nES1nUh6d2ePcH9YP  
s/E+x4Li3EML+tAxiqgr4KeI5fwg7nDdP5hvltFgVdD1y+D2JrCz+7vhmSnSPej+  
AbwM5n+T5IkiQRGwnFf5KUqSpGPd3IvVLinCKPWEkYRezGhbUzAhc3V5PvtR0Tl2  
Tao8dMVBvvttlLf5jcvJaiw3VBdOcOIHx5JJSUiZ6HomMGBYva8Gfj4F57WnnEK2  
PbL5ln8DF7w=  
=LpVM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0728-01

SiegedSec threat group leaked data that Atlassian says was taken from app used to coordinate in-office resources.

_Ed. note: This story has been updated to include a statement from Envoy provided to Dark Reading about the incident._

A threat group called SiegedSec recently posted a cache of employee and operations information allegedly stolen from software workforce collaboration tool provider Atlassian.

Now Atlassian, best known for its Trello, Jira, and Confluence brands, is reassuring its customers their data is secure, and according to reports, explained that a third-party app was breached, compromising employee data including names, emails, departments, and floor plans of segments of Atlassian offices located in San Francisco, Calif., and Sydney, Australia.

"On February 15, 2023 we learned that data from Envoy, a third-party app that Atlassian uses to coordinate in-office resources, was compromised and published," an Atlassian spokesperson told CyberScoop. "Atlassian product and customer data is not accessible via the Envoy app and therefore not at risk."

The company statement added there is an ongoing investigation into the breach.

Envoy says the breach likely occurred due to the threat actor gaining access to employee credentials.

"We’re investigating this right now and are not aware of any compromise to our systems,” an Envoy spokesperson said in a statement emailed provided to Dark Reading. “Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Atlassian: Leaked Data Stolen via Third-Party App

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: RHSA: Submariner 0.13.3 - security updates and bug fixes  
Advisory ID:       RHSA-2023:0795-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0795  
Issue date:        2023-02-15  
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527   
                   CVE-2021-46848 CVE-2022-1304 CVE-2022-2509   
                   CVE-2022-2601 CVE-2022-3515 CVE-2022-3775   
                   CVE-2022-3787 CVE-2022-3821 CVE-2022-22624   
                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662   
                   CVE-2022-26700 CVE-2022-26709 CVE-2022-26710   
                   CVE-2022-26716 CVE-2022-26717 CVE-2022-26719   
                   CVE-2022-30293 CVE-2022-30698 CVE-2022-30699   
                   CVE-2022-32149 CVE-2022-35737 CVE-2022-37434   
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-40674   
                   CVE-2022-41974 CVE-2022-42010 CVE-2022-42011   
                   CVE-2022-42012 CVE-2022-42898 CVE-2022-43680   
=====================================================================

1. Summary:

Submariner 0.13.3 packages that fix various bugs and add various  
enhancements that are now available for Red Hat Advanced Cluster Management  
for Kubernetes version 2.6

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

2. Description:

Submariner enables direct networking between pods and services on different  
Kubernetes clusters that are either on-premises or in the cloud.

For more information about Submariner, see the Submariner open source  
community website at: https://submariner.io/.

This advisory contains bug fixes and enhancements to the Submariner  
container images.

Security fixes:

* CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage  
takes a long time to parse complex tags

Bugs addressed:

* Build Submariner 0.13.3 (ACM-2226)  
* Verify Submariner with OCP 4.12 (ACM-2435)  
* Submariner does not support cluster "kube-proxy ipvs mode" (ACM-2821)

3. Solution:

For details on how to install Submariner, refer to:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/add-ons-overview#submariner-deploy-console

and

https://submariner.io/getting-started/

4. Bugs fixed (https://bugzilla.redhat.com/):

2134010 - CVE-2022-32149 golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

5. JIRA issues fixed (https://issues.jboss.org/):

ACM-2226 - [ACM 2.6.4] Build Submariner 0.13.3  
ACM-2435 - [ACM 2.6.4] Verify Submariner with OCP 4.12  
ACM-2821 - [Submariner] - 0.13.3 - Submariner does not support cluster "kube-proxy ipvs mode"

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-2601  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-3775  
https://access.redhat.com/security/cve/CVE-2022-3787  
https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-30698  
https://access.redhat.com/security/cve/CVE-2022-30699  
https://access.redhat.com/security/cve/CVE-2022-32149  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/cve/CVE-2022-41974  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+14wdzjgjWX9erEAQg+VBAAiiffNuiFJjmFzWkWuJNTUZnhDMxU+Vru  
gXNpBfqW5UJSC10TNoscMfRhwxfuHwf69w7Eina9mVVk5GrvRTv7UK2cq1bAq7D4  
JZugqW3mRmauRy4iRPeH2GhVZxJta7Dvk6zEVRSqJgOXOU8METGJFTCwqgEdXB7x  
ekCO1d+7sGpVOblV4FoPd9VPaSBjxiaW+SQT9oXsrxYaHKwPL10uqyiXUrg1PhrC  
bbvLGfZgyTIMWGyyw572PDHUz60jEH1mEHaSe7Y8+fUEV7c6hK1q8U7fufCILyaM  
UV/Dn9zQpTWS3WbdDdvc6O+XUxTPTI7jfkmr/XGxGo3hG+3Wp+HUky1fJejayiTk  
HWCtVaXFOtf6jAul2VkXD0Z1gqhVYFQv7TynzZe/6JIDj5TZb6wqaGq6grpgnM3+  
jJ+DDC5bM9CRqSFsxYGG/Cd8wpXA5FYFWxtUUmDnjCHIm5nH3iiHNGv5DgTloP92  
AwGhHuzmkP+yEqUkGwYX1tB+ynnkhbwTLUOKImgih2aYbvKeGRuRdde+KnHp1bBm  
Yw6lRdbJGMcuYRc8g/0+33KEmfKeE+usUFJO1Vp1p+j3KIhlpeDFujkM4ywrMsUa  
zc+4uRPHGprC8+62UuPlNT1U8G7H6xcmZZGKH6OVo+9AEGOkDSEaykQIs/KtE2GS  
k56b0vf5fmc=  
=WGSE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.10.52 security update  
Advisory ID:       RHSA-2023:0698-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0698  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-1471 CVE-2022-3064 CVE-2022-23521  
                   CVE-2022-34174 CVE-2022-38023 CVE-2022-41903  
                   CVE-2022-47629  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.10.52 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.10.52. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:0697

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [4.10] Prevent redundant queries of BIOS settings in  
HostFirmwareController (BZ#2061794)

* ovn-nbctl.log is never rotated (BZ#2072601)

* [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN poddisruptionbudgets  
(BZ#2092193)

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:b13ee67469f7f85a1b1daf57424f3c7c02c3a188cb640dc6284742091a7e6d50

(For s390x architecture)  
The image digest is  
sha256:4c776be05c475ee885829444509258b486d79d8128e12d6d2263ab7cdef83ce8

(For ppc64le architecture)  
The image digest is  
sha256:2d4e0af6ca2afc8c10d210aa520aba602618f3fad4cb42636bddb57b1f0ce425

(For aarch64 architecture)  
The image digest is  
sha256:7cadaaf6e0f71645864963e6c47c75852ce68aff80c963dfba2ddf51c0b836c4

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2061794 - [4.10] Prevent redundant queries of BIOS settings in HostFirmwareController  
2072601 - ovn-nbctl.log is never rotated  
2092193 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN poddisruptionbudgets  
2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-2106 - intra namespace allow network policy doesn't work after applying ingress&egress deny all network policy  
OCPBUGS-2614 - e2e-gcp-builds is permafailing  
OCPBUGS-2982 - [release-4.10] Update blueocean-autofavorite to 1.2.5  
OCPBUGS-3615 - [4.10] [perf/scale] libovsdb builds transaction logs but throws them away  
OCPBUGS-4095 - Various Jenkins CVEs for October 2022 [openshift-4.10.z]  
OCPBUGS-4578 - Origin tests for bonds - 4.10 backport  
OCPBUGS-4882 - [2117255] Failed to dump flows for flow sync, stderr: "ovs-ofctl: br-ext is not a bridge or a socket"  
OCPBUGS-5077 - Service spec value `externalTrafficPolicy` does not trigger rules update in ovnkube-node pod handlers on edit  
OCPBUGS-5296 - Developer Topology always blanks with large contents when first rendering  
OCPBUGS-5961 - Add support for API version v1beta1 for knativeServing and knativeEventing  
OCPBUGS-6690 - OLM details page crashes on incomplete ClusterServiceVersion resource  
OCPBUGS-6702 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades  
OCPBUGS-6754 - Topology gets stuck loading  
OCPBUGS-6886 - [4.10] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450  
OCPBUGS-6930 - hack/check-plugins-supply-chain-change.sh is not executable  
OCPBUGS-7052 - Sync jenkins-version.txt, base-plugins.txt and bundle-plugins.txt from master branch

6. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kZ9zjgjWX9erEAQjaJxAAqF+IAiwuWfRcYGBXUwA/K3P+44YgTiVo  
xISaecxqI5ybSvMPCzFHftDSntW6nhIUFpSC2xIsvzsEIEvT8TFR09NAtGv57kzK  
8nbqNMc+orQhRYe8qNE/kadzQOEpDuM/Ni72anrFDoD7/oFMkoLur1TtBhYG067J  
AyCiSMYF3IA2K9hPapoa9DmjAF+K6XKHrlP4pmdT3bw152BCfQ0K/wb/4tDGUgym  
TH6r7dK3MkKJY+hkx4Rf8O8wRyodMID5tuLeQl9zhsOPHVE+S1T8fWzRkHYMpx1T  
p9IL8mXJs6f5hDR+ZyRr6tLlA36Glaqbpk1sfij96USYC8n7AtOtwY092SmHz3GO  
+OEwiL5Vnk6VgQIxweZ5SZgLUXsTkUYelXFeLUG2TRqw24kjMUqOpql1S/Ps/R6n  
zlnaA2wD+fjYpTv72XKMiaHxsuY36Ys+RWnxOXGDKBrn9yYerwV9iAqKFv3MumkA  
LIXGqkXigGEeNFiaxDPyoeCWW4UxFnGTv1J4JDfRHLIuUNU6ETe/a4Lwy4niaF6m  
Wqd7GqzHcrI/XTMoQyT1VwbKVYLl80F/mEDbxsxXep8Bxck5UbYjm8ta0U5zDxIB  
v3RYCBXm8egt1Y2En6Ul6X4ZM+ePFDlde87cn3wANF6WfikehXenLXwnQBXOebT4  
7rSPY9B2p+A=wyNJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0698-01

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift (Logging Subsystem) security update  
Advisory ID:       RHSA-2023:0633-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0633  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-23521 CVE-2022-40303 CVE-2022-40304  
                   CVE-2022-41903 CVE-2022-47629  
====================================================================  
1. Summary:

Logging Subsystem 5.5.7 - Red Hat OpenShift

2. Description:

Logging Subsystem 5.5.7 - Red Hat OpenShift

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. JIRA issues fixed (https://issues.jboss.org/):

LOG-3533 - tls.cert, tls.key and passphrase are not passed to the fluentd configuration when forwarding logs using syslog over TLS  
LOG-3534 - [release-5.5] [Administrator Console] Seeing "parse error" while using Severity filter for cluster view user

5. References:

https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate  
null

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kYtzjgjWX9erEAQh8tg/+OxUzZUKlGBAcVY2WQ/YrOzOAL73pf5Vs  
X5yLUjjK9yBeXtTjnWQIuYst3tDiUtUAq41xC6QJ622opWMtBVH26IwS9o0jE/px  
8xR7PaVY7UOxjdRA9JIt7NH1BhH8iv463xVWvXMvTVfHtjva6aaorFXofjGOLs/s  
nLikw9Q/9TPDtg955NoXj8YT+aF9jXivWVu/2Z25o0bC9yitGOByvah1NTTYfkGw  
86H+2PYkZ2jXyO0O6fES1HG5ATkvnFFUbk5hrE8Q58tBOMWv6vCyPjvrhFBlCIR2  
NvsBQWwIj2Lzn/pFji8uTf2x+m3JNOqzGa/M0cHzRPdvwi0YcXYurF/9n5Vgb7sS  
n1lrKg8dX2v1i6GAgYx8BFMrcFzw/D8az/q30LwCJauWy+i74/uyM3ukUKbXnvkO  
sjl/bT3ztkuO2jlGfZCjirhFNdjShbL06f2elDe5p4A47D7S8oPrd++KuPrh432e  
CRZ966edVDP1LLuR6Mz3y26hkF1pYgzNoB2qbgY5se0feyHrSsnh0njYBWQwv3Qu  
68w3HXby+O9Rd/azAICbEjTX+Os/UDiAN1+gTkiALdRAYI4yyQPoIp8dB4AuHxmn  
UARsqN6glH5GYdkDq6rfVC5fC9pn16OJb6HOTIbCQ5tHJUgjZCElmsRc9kxzZe+6  
LGOMFBehEt8=Gx1+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0633-01

Red Hat Security Advisory 2023-0651-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution esigned for on-premise or private cloud deployments.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.27 security update  
Advisory ID:       RHSA-2023:0651-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0651  
Issue date:        2023-02-15  
CVE Names:         CVE-2021-4238 CVE-2022-47629   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.27 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution esigned for on-premise or private  
cloud deployments.

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other elated information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Networking Day 1 - Bootstrap Doesn't Get External IP when no DHCP Server  
(BZ#2048600)

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at:

https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:65e71a774a18c1c191f28655ce245abeecd653e8215b75f87eb23ceadacd530d

(For s390x architecture)  
The image digest is  
sha256:cfccfab6abf7cd74cffbc43e4ae38745f258cb28ff6360b0f433c7718d6f144b

(For ppc64le architecture)  
The image digest is sha256:  
e13089586d2061a41250e2b546259bef0c5c4995c704d0e2220ae516a1a675da

(For aarch64 architecture)  
The image digest is  
sha256:932754cfa58f41186a48ecff03c6345c59325fc7ff1496e91e57fa34752db142

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at:  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2048600 - Networking Day 1 - Bootstrap Doesn't Get External IP when no DHCP Server  
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-3507 - [4.11.z] Incorrect network configuration in worker node with two interfaces  
OCPBUGS-4340 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver  
OCPBUGS-5459 - Topology sidebar actions doesn't show the latest resource data  
OCPBUGS-5926 - NMstate removes egressip in OpenShift cluster with SDN plugin  
OCPBUGS-6176 - Tracker: Configure ignored namespaces into multus-admission-controller (4.11)  
OCPBUGS-6683 - [4.11]Improve Pod Admission failure for restricted-v2 denials that pass with restricted   
OCPBUGS-6837 - Add rpm-build to DTK image  
OCPBUGS-6907 - Image registry Operator does not use Proxy when connecting to openstack  
OCPBUGS-6920 - Tracker: Configure ignored namespaces into multus-admission-controller (4.11,CNO)  
OCPBUGS-7033 - 4.11 error 524 from seccomp(2) when trying to load filter [rhel-8.6.0.z]   
OCPBUGS-7034 - 4.11 [iavf] It takes long time to create multiple VF interfaces and the VF interface names are not consistent [rhel-8.6.0.z]

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+zQA9zjgjWX9erEAQjY7Q//YWMAWAjecEvTomhKUA2d5zlkZ+5x85ce  
DRlz4l1m8INyBt6/6P7H03ahzq/3v50Zxr+SRL9trJS1V9VS9vD/n+YaIFr65gbG  
FivmQwH4tBNVjmxG4Lhn5Al87xXyJbvUHX3SRoluj1C7k8UHZBw2uhXo1bS7SHq7  
+K6e/+nXR2UroGdkDU/kB6xpMwSKE0pJrVo/xpaD9QgzGjtVXmbL3b0USEUeU3w1  
grQKknqqu7ItZaV3MgcA5DxDlOdl896Btd6/T/2RG20P2Zrf77LM5cAssiwwbDF7  
FzuU6Ve8i1oEAvHZlJjrqJyVMwF9oDjBlEdcjJKTTrpn3VeHVnEjv7l0eHcbGSsU  
kB1CpMC2UA/uQD3QDZhCpWUfybej3zuhY40lxmz5Tf/NKduX6J8uOb+0RdSYsVWr  
7Q5sp6ybngKDTLyzZJwvj/NfVuNqtkhcOXhFDeeoUjsj4ONV0PZakKj2FJfP464J  
JfLnyufhgfy03D4CbLqSeQxV9hPwW4CyQ5h46/zLtqKe06yh8LAf8fDsnkayk2h2  
I4xdIehgw1txDh8RO2d43y5i2DnSjNmacWhxWy38bNdRGxPUF36pnfjuG9T83Gw4  
iLaPQEeIVD/7692QNZO8cGntLtZoM7TkfwPAEEth3QC9JGM+TLtl2YwXQQWtxTNU  
wCGZORPJZyw=  
=sByk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#jira