ID

VAR-202206-1106

CVE

CVE-2022-21123

TITLE

Red Hat Security Advisory 2022-6872-01

DESCRIPTION

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5505-1 July 07, 2022 linux-lts-xenial, linux-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: linux-image-4.4.0-1110-kvm 4.4.0-1110.120 linux-image-kvm 4.4.0.1110.107 Ubuntu 14.04 ESM: linux-image-4.4.0-229-generic 4.4.0-229.263~14.04.1 linux-image-4.4.0-229-lowlatency 4.4.0-229.263~14.04.1 linux-image-generic-lts-xenial 4.4.0.229.199 linux-image-lowlatency-lts-xenial 4.4.0.229.199 linux-image-virtual-lts-xenial 4.4.0.229.199 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5505-1 CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685, CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330, CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-24958, CVE-2022-28356, CVE-2022-28388 . Bugs fixed (https://bugzilla.redhat.com/): 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 5. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 2024946 - Ingress Canary does not respect router sharding on default IngressController 2104825 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule 2108214 - Route status isn't always getting cleared with routeSelector updates 2108595 - etcd Dashboard should be removed on guest cluster of hypershift 2109193 - Power VS machine Processor is always defaulted to 0.5 2109887 - [UI] MultiClusterHub details after it's creation starts flickers, disappears and appears back (happened twice) 2110528 - Route status isn't always getting cleared with routeSelector updates 2111345 - should use the same value for AlertRelabelConfig with oc explain 2117424 - Backport: https://github.com/openshift/kubernetes/pull/1295 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-1007 - CVE-2021-3121 telemeter-container: [1924548] telemeter-container: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation [openshift-4] OCPBUGS-1070 - Update ODC owners OCPBUGS-1104 - package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgrade OCPBUGS-1145 - Bug 2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated OCPBUGS-1233 - [IPI] nodelink controller is not able to reconcile and match nodes and machines with logical interfaces defined by nmstate at baremetalhost creation OCPBUGS-1261 - Backport: https://github.com/openshift/kubernetes/pull/1295 OCPBUGS-393 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created OCPBUGS-455 - [vsphere] update install-config description for diskType OCPBUGS-524 - Plugin page error boundary message is not cleared after leaving page OCPBUGS-668 - Prefer local dns does not work expectedly on OCPv4.11 OCPBUGS-744 - [4.11] Spoke BMH stuck ?provisioning? after changing a BIOS attribute via the converged workflow OCPBUGS-746 - [4.11] Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag OCPBUGS-747 - [4.11] Disconnected IPI OCP cluster install on baremetal fails when hostname of master nodes does not include the text "master 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2022:5937-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5937 Issue date: 2022-08-09 CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Bug Fix(es): * SolarFlare sfc spurious TX completion (BZ#1793280) * Page allocation failure on cryptsetup open (BZ#2072970) * The kernel-rt crashes where one task is indefinitely looping in __start_cfs_bandwidth() with the cfs_b->lock spinlock being held (BZ#2077346) * While using PTimekeeper the qede driver produces excessive log messages (BZ#2080646) * The kernel crashes due to a GPF happens in mutex_spin_on_owner(). The known RDMA/cma bug that was introduced with a patch from upstream commit 722c7b2bfead is the possible cause. (BZ#2085425) * Running LTP testcase creat09 fails showing related to 'cve-2018-13405' (BZ#2089360) * Crash when releasing inode which was on unmouted superblock (BZ#2096884) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.76.1.el7.noarch.rpm kernel-doc-3.10.0-1160.76.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.76.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64.rpm perf-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.76.1.el7.noarch.rpm kernel-doc-3.10.0-1160.76.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.76.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64.rpm perf-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.76.1.el7.noarch.rpm kernel-doc-3.10.0-1160.76.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.76.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-3.10.0-1160.76.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.76.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.76.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.76.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.76.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.ppc64.rpm perf-3.10.0-1160.76.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm python-perf-3.10.0-1160.76.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.76.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.ppc64le.rpm perf-3.10.0-1160.76.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm python-perf-3.10.0-1160.76.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.76.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm kernel-3.10.0-1160.76.1.el7.s390x.rpm kernel-debug-3.10.0-1160.76.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.76.1.el7.s390x.rpm kernel-devel-3.10.0-1160.76.1.el7.s390x.rpm kernel-headers-3.10.0-1160.76.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.76.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.76.1.el7.s390x.rpm perf-3.10.0-1160.76.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm python-perf-3.10.0-1160.76.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.76.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64.rpm perf-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.76.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.76.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.76.1.el7.noarch.rpm kernel-doc-3.10.0-1160.76.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.76.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.76.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64.rpm perf-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.76.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYvKiCNzjgjWX9erEAQgz2A/+O9gKIbQCWne03iCkr+RZwdgghaS4zC6Z 8/iPJhQf3ZKdVQ1/otcA4SK+AwazrjOJx5Dnn5kTY+5Vc/xJQ0/lX5wmWggzZxgz tX+f/BDwU47c7Ie1oXHgIalaVZ3jzIXS9fWuKcry9uLP9QoXPuWSj+eP1Cm3wiLW +xY5AKIIhFHE7UYc2U3hNfBVy15dcGiTeVHr/Mmk9/fTFu88RgSuZPWiUi+MJAo+ U2UfnpCkom7isYR86HP44uGc2BZf2pRqi4b/iICVHA/dV93FZ1ldlS6fZIIXTYxV 8RtRakX9yrB4OLtpIFYpWQth04H+h5gMAiam7MZws8VtjYgWYcwU8kPhS+hf0W4I uEd1fRU0F7QYrgjrxioPMW7ImPuklDtUELq3laXHyy+wDs3deZQ9csGWCqaPyTkK /jnnWMAQzB6ZYX4bmXwFtkAEmA7Dx3S4DP6SMW0yt7y+xmg2WGP8SHp3nxBlqbbv nOpY35/HWQpKsYU91Z0i/DN/BmDnmsMOqEU6bAYnGZezbwUnl+OlKF2DoAaQLvBQ aVfHcXhKLL1nRI8HNt98YxJHaf4dtTJCSCWnO/xdaZcDkCWMCReB2PGxzL5MEbTc 7pOvB7yANf+aztsAee3dOCZTMnDDh10mgb+NelQgR5nQRxYpw7YY3JCwy/bSO3Na btaLByp4p3I=VyEw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:7873 Space precludes documenting all of the container images in this advisory. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, and ppc64le architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags The sha values for the release are: (For x86_64 architecture) The image digest is sha256:ac2bbfa7036c64bbdb44f9a74df3dbafcff1b851d812bf2a48c4fabcac3c7a53 (For s390x architecture) The image digest is sha256:ac2c74a664257cea299126d4f789cdf9a5a4efc4a4e8c2361b943374d4eb21e4 (For ppc64le architecture) The image digest is sha256:53adc42ed30ad39d7117837dbf5a6db6943a8f0b3b61bc0d046b83394f5c28b2 All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2077100 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-2205 - Prefer local dns does not work expectedly on OCPv4.8 OCPBUGS-2347 - [cluster-api-provider-baremetal] fix 4.8 build OCPBUGS-2577 - [4.8] ETCD Operator goes degraded when a second internal node ip is added OCPBUGS-2773 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name OCPBUGS-2989 - [4.8] cri-o should report the stage of container and pod creation it's stuck at 6. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

bypass

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-20T22:14:22.405000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE