-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.13.0 bug fix and security update Advisory ID: RHSA-2023:1329-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1329 Issue date: 2023-05-18 CVE Names: CVE-2022-41717 ==================================================================== 1. Summary: Red Hat build of MicroShift release 4.13.0 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat build of MicroShift 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, x86_64 3. Description: Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.13.0. Read the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2023:1326 Security Fix(es): * golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All of the bug fixes may not be documented in this advisory. Read the following release notes documentation for details about these changes: https://access.redhat.com/documentation/en-us/microshift/4.13/html/release_notes/index All Red Hat build of MicroShift 4.13 users are advised to use these updated packages and images when they are available in the RPM repository. 4. Solution: For MicroShift 4.13, read the following documentation, which will be updated shortly for this release, for important instructions on how to install the latest RPMs and fully apply this asynchronous errata update: https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.13/html/release_notes/index 5. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 6. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-10223 - kubeconfig CA includes all signers OCPBUGS-10242 - CSI driver ends up in crash loop when host does not have default VG name OCPBUGS-10243 - sysconfwatch-controller logs excessively OCPBUGS-10251 - Rebase to 4.13 failed with duplicate metrics registration in ovnk OCPBUGS-10253 - nats.io doesn't work on microshift OCPBUGS-10254 - The router pod is delayed over 5m after reboot OCPBUGS-10256 - Some pods not coming up after rebooting OCPBUGS-10617 - Prompt unexpected err="microshift-etcd failed to start when execute 'microshift-etcd run' OCPBUGS-10791 - MicroShift pods cannot resolve local host name OCPBUGS-11295 - e2e: Config v1 client shim for static configuration manifests with read-only operations OCPBUGS-11412 - build requirements are not available outside of Red Hat OCPBUGS-11497 - Microshift-etcd doesn't start up with memoryLimitMB set to 50. OCPBUGS-11593 - RPM build shows errors from missing jq command OCPBUGS-11660 - sudo /usr/bin/microshift show-config --mode effective doesn't show the correct memoryLimitMB value OCPBUGS-11811 - dependency on openvswitch is not compatible with RHEL 9.2 versions OCPBUGS-13023 - Update dependency on selinux-policy to match RHEL 9.2 released package version OCPBUGS-2869 - Don't observe could not find the requested resource *v1.ClusterResourceQuota OCPBUGS-3635 - Default for spec.to.weight missing from Route CRD schema OCPBUGS-4198 - route-controller-manager not creating routes OCPBUGS-4323 - Route/v1 defaulting for target kind and termination must be sharable between openshift-apiserver and kube-apiserver OCPBUGS-4577 - [MicroShift] the host and routerCanonicalHostname should use same sub domain name OCPBUGS-4657 - Route defaulting package from library-go must be available for import by kube-apiserver admission plugins OCPBUGS-4658 - Use shared library in admission to default Routes served via CRD OCPBUGS-5537 - MicroShift's rebase step creates tight coupling with specific branch OCPBUGS-5858 - MicroShift's rebase is missing arm64 nightly changes if no new amd64 nightly was produced OCPBUGS-5908 - Change TopoLVM to use 4.12 released image references OCPBUGS-6173 - Update 4.13 ovn-kubernetes-microshift image to be consistent with ART OCPBUGS-6858 - Missing CRI-O version dependency leads to network not starting OCPBUGS-6860 - service configured with a nodeport can't be reached until after restart of ovnkube-master OCPBUGS-6864 - iptables rules can not be restored after removing source and adding it back OCPBUGS-7444 - Fix firewalld known issue in microshift doc OCPBUGS-8338 - Add etcd config to Microshift user config OCPBUGS-8493 - Microshift does not come up if the Hostname of RHEL has an upper case letter OCPBUGS-8704 - (4.13) microshift-etcd fail to check the version OCPBUGS-9965 - fails to access APIServer service IP assigned on lo device OCPBUGS-9999 - malformed manifests are retried indefinitely and cause API server availability issues 7. Package List: Red Hat OpenShift Container Platform 4.13: Source: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.src.rpm aarch64: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.aarch64.rpm noarch: microshift-release-info-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm microshift-selinux-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.noarch.rpm x86_64: microshift-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm microshift-networking-4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/microshift/4.13/html/release_notes/index 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGW+qNzjgjWX9erEAQgKUBAAgJTFwCyw2sDIBX09SpO/DpM0b4EWNDL1 5+cVfhtJ6BitU5yiXrjXocGcgho5yIWY9MRZ+sq7hRuFjE+k0uB0bGy3AfOjcVDG uOspUjkvW8KzhTRVpKXDDqP9Q6OpYqaXptkYwvYro9vAFQm/QvW7PKw/K60FIpPK g/K7gjy9xnLghG6C6vG6/XsFXOEvQ8ZOgchYHDFVm2wZK41m1V1irGBHdggaMdA2 bFBpSKadF+zXRjT6gLxBec2GGSxSmBNP0B/2JHTxWvuzNRBVIMXRZt98o6OkLkWo g2pzIDTgVY6ls83BebJVD0tx8h5k4PYolgk09TxnDgMRrca5ZXQhk3HmWAHD+0t3 DEypXiiI87pzC00QBbb9IJWz+SVsIXbgL30SilBJRFIc+y9gmJKf0G691psP8U7F vqn5qsH6gCJl27seARkKerVWoN/Swylq+o20I1NfJSNTOg328tejUVaWvAt+vNMC oQQg9EsoWFtmyzP02wuX7aD5807MeTXy5LrCSMPPPPBwf5AwIkb5AnZOlAnmSmFC 1wjDi6GW+pX7H36Y4SSaj1Nnj4Pzol19WRD9FJX5ywqWmv+tevf92nFXjnIc2Wyl uxBLNJq5W4GzW9gu1W2UWOaGAPZZ0WB6M4tquznXMF4AbjVgz64GpAgAR2q8xZcx AlbUjtGBbZM=2NZ9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce