Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Synopsis

Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

OpenShift sandboxed containers 1.3.1 is now available.

Description

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix.

Space precludes documenting all of the updates to OpenShift sandboxed
containers in this advisory. See the following Release Notes documentation,
which will be updated shortly for this release, for details about these
changes:

https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html

Affected Products

  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

  • BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • BZ - 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  • BZ - 2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor
  • KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]
  • KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]
  • KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator
  • KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]