Moderate: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Related Vulnerabilities: CVE-2007-4559, CVE-2020-12762, CVE-2021-3765, CVE-2023-4641, CVE-2023-22745

Synopsis

Moderate: Red Hat OpenShift Data Foundation 4.12.10 Bug Fix Update

Type/Severity

Security Advisory: Moderate

Topic

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.10 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.

Description

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation provides highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenShift Data Foundation 4 for RHEL 8 x86_64
  • Red Hat OpenShift Data Foundation for IBM Power, little endian 4 for RHEL 8 ppc64le
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 8 s390x

Fixes

  • BZ - 2126299 - CVE-2021-3765 validator: Inefficient Regular Expression Complexity in Validator.js
  • BZ - 2244765 - Update the ceph image to RHCS-5.3.z5 in ODF-4.12
  • BZ - 2246334 - [4.12.z clone][MCG] RPC method "list_objects" fails with "RPC: object.list_objects() Call failed: failed to WebSocket dial"
  • BZ - 2247112 - Include at ODF 4.12 container images (7) the RHEL CVE fix on "python3"