Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: OpenShift sandboxed containers 1.4.1 security update

Related Vulnerabilities: CVE-2020-24736   CVE-2021-46848   CVE-2022-1271   CVE-2022-1304   CVE-2022-2509   CVE-2022-3715   CVE-2022-28805   CVE-2022-34903   CVE-2022-35737   CVE-2022-36227   CVE-2022-40303   CVE-2022-40304   CVE-2022-47629   CVE-2023-0464   CVE-2023-0465   CVE-2023-0466   CVE-2023-1255   CVE-2023-1667   CVE-2023-2283   CVE-2023-2650   CVE-2023-3089   CVE-2023-24329   CVE-2023-26604  

Source

Synopsis

Moderate: OpenShift sandboxed containers 1.4.1 security update

Type/Severity

Security Advisory: Moderate

Topic

OpenShift sandboxed containers 1.4.1 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenShift sandboxed containers support for OpenShift Container Platform
provides users with built-in support for running Kata containers as an
additional, optional runtime.

This advisory contains a security update for OpenShift sandboxed containers, as well as bug fixes.

Security fix:

  • A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

For more information about the additional fixes in this release, see the Release Notes documentation:

https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64

Fixes

  • BZ - 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
  • KATA-2212 - operator, must-gather, and cloud-api-adapter dockerfiles use ubi8 base images
  • OCPBUGS-15175 - [Major Incident] CVE-2023-3089 osc-operator-container: openshift: OCP & FIPS mode [rhosc-1-4]
  • KATA-2121 - taints/tolerations from kata-monitor daemonset removed by reconciliation
  • KATA-2299 - 1.4.1 build showing 1.4.0 version

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started