Issued:

2022-03-14

Updated:

2022-03-14

RHSA-2022:0855 - Moderate: OpenShift sandboxed containers 1.2.0 security update

Synopsis

Moderate: OpenShift sandboxed containers 1.2.0 security update

Type/Severity

Security Advisory Moderate

Topic

OpenShift sandboxed containers 1.2.0 is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description

OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime.

This advisory contains an update for OpenShift sandboxed containers with enhancements, security updates, and bug fixes.

Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/4.10/sandboxed_containers/sandboxed-containers-release-notes.html

Security Fixes:

• net/http: limit growth of header canonicalization cache (CVE-2021-44716)

• net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: This page is not included, but the link has been rewritten to point to the nearest parent document.https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html

Affected Products

Fixes

• This content is not included.BZ - 1995656
• This content is not included.BZ - 2030801
• This content is not included.KATA-1015
• This content is not included.KATA-1019
• This content is not included.KATA-1027
• This content is not included.KATA-1118
• This content is not included.KATA-1134
• This content is not included.KATA-1183
• This content is not included.KATA-1184
• This content is not included.KATA-1189
• This content is not included.KATA-1190
• This content is not included.KATA-1195
• This content is not included.KATA-1205
• This content is not included.KATA-1219
• This content is not included.KATA-1222
• This content is not included.KATA-1224
• This content is not included.KATA-1225
• This content is not included.KATA-1247
• This content is not included.KATA-1288
• This content is not included.KATA-1334
• This content is not included.KATA-1340
• This content is not included.KATA-553
• This content is not included.KATA-588
• This content is not included.KATA-817
• This content is not included.KATA-1249
• This content is not included.KATA-1383

CVEs

• CVE-2021-36221
• CVE-2021-44716

References

• https://access.redhat.com/security/updates/classification/#moderate

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.