[RHSA-2023:4025-01] Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]
Posted on 18 July 2023
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]
Advisory ID: RHSA-2023:4025-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4025
Issue date: 2023-07-18
CVE Names: CVE-2022-36227 CVE-2023-0361 CVE-2023-25173
CVE-2023-27535
=====================================================================
1. Summary:
The components for Red Hat OpenShift support for Windows Containers 7.1.0
are now available. This product release includes bug fixes and security
updates for the following packages: windows-machine-config-operator and
windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
Red Hat OpenShift support for Windows Containers allows you to deploy
Windows container workloads running on Windows Server containers.
Security Fix(es):
* containerd: Supplementary groups are not set up properly (CVE-2023-25173)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
4. Bugs fixed (https://bugzilla.redhat.com/):
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
5. JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-10417 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace
OCPBUGS-10784 - In-tree storage for azure-file and vSphere is disabled
OCPBUGS-10933 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass "C:\k\windows-instance-config-daemon.exe cleanup -
OCPBUGS-10935 - Windows pods are unable to resolve DNS records for services
OCPBUGS-11667 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost
F0402 08:53:43.066039 4740 cleanup.go:56] nodes "winhost" is forbidden: User "system:serviceaccount:winc-namespace-test:windows-instance-config-daemon"
OCPBUGS-11785 - oc adm node-logs failing in vSphere CI
OCPBUGS-13790 - Segmentation Violation found in WMCO .ensureWICDSecretContent
OCPBUGS-14260 - Upgrade from WMCO 7.0.1 to 7.1.0 not working on Windows BYOH nodes: error waiting for proper windowsmachineconfig.openshift.io/version annotation for node
OCPBUGS-14445 - Instance configurations fails on Windows Server 2019 without the container feature
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled
OCPBUGS-7336 - WMCO kubelet version not matching OCP payload's one
OCPBUGS-7843 - containerd version is being misreported
OCPBUGS-8037 - Directory deletion errors are being ignored when deconfiguring Windows instances
OCPBUGS-8056 - WMCO is unable to drain DaemonSet workloads
OCPBUGS-8085 - Hybrid Overlay logfile is in use and cannot be deleted
WINC-1037 - Windows Server 2019 CI coverage
WINC-981 - Red Hat OpenShift support for Windows Containers 7.0.1 Post Release
WINC-983 - [e2e] Ensure required log files are non-empty
6. References:
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-25173
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification/#low
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.