- Issued: 2022-07-20
- Updated: 2022-07-20
RHSA-2022:5673 - Important: Release of containers for OSP 16.2.z director operator tech preview
Synopsis
Important: Release of containers for OSP 16.2.z director operator tech preview
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenStack Platform 16.2 (Train) director operator containers, with several Important security fixes, are available for technology preview.
Description
Release osp-director-operator images
Security Fix(es):
- go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
- go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
- go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
- go-getter: command injection vulnerability [Important] (CVE-2022-26945)
- golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
- containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)
Solution
OSP 16.2 Release - OSP Director Operator Containers tech preview
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenStack | 16.2 | x86_64 |
Fixes
- BZ - 2011007
- BZ - 2030787
- BZ - 2092918
- BZ - 2092923
- BZ - 2092925
- BZ - 2092928
CVEs
- CVE-2021-3634
- CVE-2021-3737
- CVE-2021-4189
- CVE-2021-40528
- CVE-2021-41103
- CVE-2021-43565
- CVE-2022-1271
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-22576
- CVE-2022-25313
- CVE-2022-25314
- CVE-2022-26945
- CVE-2022-27774
- CVE-2022-27776
- CVE-2022-27782
- CVE-2022-29824
- CVE-2022-30321
- CVE-2022-30322
- CVE-2022-30323
References
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2022:4991
- https://access.redhat.com/containers
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.