Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]

Related Vulnerabilities: CVE-2022-36227, CVE-2023-0361, CVE-2023-25173, CVE-2023-27535

Synopsis

Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]

Type/Severity

Security Advisory: Low

Topic

The components for Red Hat OpenShift support for Windows Containers 7.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Security Fix(es):

  • containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64

Fixes

  • BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
  • WINC-981 - Red Hat OpenShift support for Windows Containers 7.0.1 Post Release
  • OCPBUGS-7336 - WMCO kubelet version not matching OCP payload's one
  • OCPBUGS-7843 - containerd version is being misreported
  • WINC-983 - [e2e] Ensure required log files are non-empty
  • OCPBUGS-8085 - Hybrid Overlay logfile is in use and cannot be deleted
  • OCPBUGS-8056 - WMCO is unable to drain DaemonSet workloads
  • OCPBUGS-8037 - Directory deletion errors are being ignored when deconfiguring Windows instances
  • OCPBUGS-10417 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
  • OCPBUGS-10935 - Windows pods are unable to resolve DNS records for services
  • OCPBUGS-10784 - In-tree storage for azure-file and vSphere is disabled
  • OCPBUGS-10933 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -
  • OCPBUGS-11785 - oc adm node-logs failing in vSphere CI
  • OCPBUGS-11667 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039 4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"
  • OCPBUGS-13790 - Segmentation Violation found in WMCO .ensureWICDSecretContent
  • OCPBUGS-14445 - Instance configurations fails on Windows Server 2019 without the container feature
  • WINC-1037 - Windows Server 2019 CI coverage
  • OCPBUGS-14260 - Upgrade from WMCO 7.0.1 to 7.1.0 not working on Windows BYOH nodes: error waiting for proper windowsmachineconfig.openshift.io/version annotation for node
  • OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled