-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Advisory ID:       RHSA-2023:2023-01
Product:           RHODF
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2023
Issue date:        2023-04-26
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304 
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-40186 
                   CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 
                   CVE-2023-23916 
====================================================================
1. Summary:

Updated images that fix several bugs are now available for Red Hat
OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat
Container Registry.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat
OpenShift Data Foundation is a highly scalable, production-grade persistent
storage for stateful applications running in the Red Hat OpenShift
Container Platform. In addition to persistent storage, Red Hat OpenShift
Data Foundation provisions a multicloud data management service with an S3
compatible API.

Security Fix(es):

* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same
Name Assigned To The Same Entity (CVE-2022-40186)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

All users of Red Hat OpenShift Data Foundation are advised to upgrade to
these updated images, which provide several bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2171965 - [4.11 clone] Secrets are used in env variables
2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv
2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs
2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-40186
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZEkQztzjgjWX9erEAQgqiQ//QNYPbRoFnC155vDFDqfb/Xen4MISMAL3
0ttVhQtlpAFvDpawOGKSU6VpSg5RTdjMebmGdJ33CiP/BQTyU+jA0jwVFlo47mqi
gfMKWhyn36+Y/Jy/n3QAbM3AoZpojuqHHac+nu5PipUVo2qUe8CvqG/yqb/bx/0P
mAMpbC2CWead2YRsWRAyTtwODCp5LV12X9zKQN4lLd04KEsYHBxKM4FnMA/FuY25
j39k/hGLvH7bH45okcnE/36aiGtiwPMnpg8Vilt0kBCGlSZTnhbs1wrJ7rsdoECi
+g2jA62Rfnb4I8/u9L16RZeKagM76nNlkeCPvgW7SyXOcuHiE/uK3e6XkrqxT9I/
v1bjt7w3KVuJKIz48XOsIVnUZ6XpbMdHUQAmTjYOBR59Fpjh3eKlV294XY97FqSk
LWH9PC6A347xrwEPx8A0xtVAYH91Kxn2IL5qHB9NxQpUffZhBHj5er8gowIpGvUN
PyhjibxA38UFhNNVYvgDNFC547V56KlJGwczuTAMVdyVLCPId86Rvo3PqM1gv567
iS14t91UNPWhkPkfibQy+jnI2YJuIKjuDYEIBto3Ys4Zmf8ha2WKx8B+PN7KNe8R
0z6xsMUrj+CHbBkuq1rPE+CW0XbXqsb1vRP2H2ucTByStag163Ll833x//FvOE/l
SN9bgU5rjbk=T/2V
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-2023:01 Important: Red Hat OpenShift Data Foundation

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red Hat Container Registry

Summary

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity (CVE-2022-40186)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide several bug fixes.

Summary

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-10735 https://access.redhat.com/security/cve/CVE-2021-28861 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4415 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-40186 https://access.redhat.com/security/cve/CVE-2022-40897 https://access.redhat.com/security/cve/CVE-2022-45061 https://access.redhat.com/security/cve/CVE-2022-48303 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/updates/classification/#important

Package List

Severity

Advisory ID: RHSA-2023:2023-01

Product: RHODF

Advisory URL: https://access.redhat.com/errata/RHSA-2023:2023

Issued Date: : 2023-04-26

CVE Names: CVE-2020-10735 CVE-2021-28861 CVE-2022-4304 CVE-2022-4415 CVE-2022-4450 CVE-2022-40186 CVE-2022-40897 CVE-2022-45061 CVE-2022-48303 CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 CVE-2023-23916

Topic

Updated images that fix several bugs are now available for Red HatOpenShift Data Foundation 4.11.7 on Red Hat Enterprise Linux 8 from Red HatContainer Registry.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topic

Relevant Releases Architectures

Bugs Fixed

2171965 - [4.11 clone] Secrets are used in env variables

2176012 - [ODF 4.11] Move the defaults for rookceph operator from configmap to csv

2181405 - CVE-2022-40186 vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity

2183683 - [ODF 4.11] Deployment of ODF 4.9 over external mode failing with: panic: assignment to entry in nil map in ocs-operator logs

2186456 - Include at ODF 4.11 container images the RHEL8 CVE fix on "openssl"

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12

3 - 5 min read

Dec 06, 2024

The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This

A Linux Admin

A Linux Admin's Guide to Tackling Emerging Cloud-Native Security Risks

3 - 6 min read

Dec 05, 2024

As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,

Leveraging Insights from the Linux Foundation

Leveraging Insights from the Linux Foundation's Census III Report for More Secure Linux Administration

3 - 5 min read

Dec 05, 2024

The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

3 - 6 min read

Dec 04, 2024

Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security

From Wayland Fixes to Security Boosts: Examining Qt 6.8.1

From Wayland Fixes to Security Boosts: Examining Qt 6.8.1's Impact on Linux Administration

3 - 6 min read

Dec 03, 2024

The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application

Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins

Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins

3 - 6 min read

Dec 03, 2024

The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline

Deck the Halls with Enhanced Security: Linux Kernel 6.13

Deck the Halls with Enhanced Security: Linux Kernel 6.13's Top Features & Improvements

3 - 5 min read

Dec 02, 2024

As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions

3 - 5 min read

Dec 02, 2024

New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved