Moderate: Red Hat OpenShift support for Windows Containers 6.0.1 [security update]

Synopsis

Moderate: Red Hat OpenShift support for Windows Containers 6.0.1 [security update]

Type/Severity

Security Advisory: Moderate

Topic

The components for Red Hat OpenShift support for Windows Containers 6.0.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Security Fix(es):

  • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
  • containerd: supplementary groups are not set up properly (CVE-2023-25173)
  • golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64

Fixes

  • BZ - 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
  • BZ - 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
  • BZ - 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
  • WINC-823 - Test generated community manifests in WMCO e2e
  • WINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite
  • OCPBUGS-3572 - Check if Windows defender is running doesnt work
  • OCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade
  • OCPBUGS-7726 - WMCO kubelet version not matching OCP payload's one
  • OCPBUGS-8055 - containerd version is being misreported
  • OCPBUGS-10418 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
  • OCPBUGS-11831 - oc adm node-logs failing in vSphere CI
  • OCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature
  • OCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process