RHSA-2021:0429: Important: OpenShift Container Platform 4.5.33 packages and security update
First published: Wed Mar 03 2021(Updated: )
Red Hat OpenShift Container Platform is Red Hat's cloud computing<br>Kubernetes application platform solution designed for on-premise or private<br>cloud deployments.<br>This advisory contains the RPM packages for Red Hat OpenShift Container<br>Platform 4.5.33. See the following advisory for the container images for<br>this release:<br><a href="https://access.redhat.com/errata/RHSA-2021:0428" target="_blank">https://access.redhat.com/errata/RHSA-2021:0428</a> Security Fix(es):<br><li> jenkins: XSS vulnerability in notification bar (CVE-2021-21603)</li> <li> jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)</li> <li> jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)</li> <li> jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)</li> <li> jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)</li> <li> jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)</li> <li> ant: insecure temporary file vulnerability (CVE-2020-1945)</li> <li> ant: insecure temporary file (CVE-2020-11979)</li> <li> jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)</li> <li> jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)</li> <li> jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)</li> <li> jenkins: Filesystem traversal by privileged users (CVE-2021-21615)</li> <li> jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/conmon | <2.0.21-1.rhaos4.5.el8 | 2.0.21-1.rhaos4.5.el8 |
| redhat/machine-config-daemon | <4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 | 4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 |
| redhat/openshift | <4.5.0-202102050524.p0.git.0.9229406.el8 | 4.5.0-202102050524.p0.git.0.9229406.el8 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el8 | 4.5.0-202102051529.p0.git.3612.61b096a.el8 |
| redhat/runc | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/conmon | <2.0.21-1.rhaos4.5.el8 | 2.0.21-1.rhaos4.5.el8 |
| redhat/machine-config-daemon | <4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 | 4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el8 | 4.5.0-202102051529.p0.git.3612.61b096a.el8 |
| redhat/openshift-clients-redistributable | <4.5.0-202102051529.p0.git.3612.61b096a.el8 | 4.5.0-202102051529.p0.git.3612.61b096a.el8 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el8 | 4.5.0-202102050524.p0.git.0.9229406.el8 |
| redhat/runc | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/runc-debuginfo | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/runc-debugsource | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/conmon | <2.0.21-1.rhaos4.5.el7 | 2.0.21-1.rhaos4.5.el7 |
| redhat/jenkins | <2.263.3.1612434332-1.el7 | 2.263.3.1612434332-1.el7 |
| redhat/openshift | <4.5.0-202102050524.p0.git.0.9229406.el7 | 4.5.0-202102050524.p0.git.0.9229406.el7 |
| redhat/openshift-ansible | <4.5.0-202102031005.p0.git.0.c6839a2.el7 | 4.5.0-202102031005.p0.git.0.c6839a2.el7 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el7 | 4.5.0-202102051529.p0.git.3612.61b096a.el7 |
| redhat/conmon | <2.0.21-1.rhaos4.5.el7 | 2.0.21-1.rhaos4.5.el7 |
| redhat/jenkins | <2.263.3.1612434332-1.el7 | 2.263.3.1612434332-1.el7 |
| redhat/openshift-ansible | <4.5.0-202102031005.p0.git.0.c6839a2.el7 | 4.5.0-202102031005.p0.git.0.c6839a2.el7 |
| redhat/openshift-ansible-test | <4.5.0-202102031005.p0.git.0.c6839a2.el7 | 4.5.0-202102031005.p0.git.0.c6839a2.el7 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el7 | 4.5.0-202102051529.p0.git.3612.61b096a.el7 |
| redhat/openshift-clients-redistributable | <4.5.0-202102051529.p0.git.3612.61b096a.el7 | 4.5.0-202102051529.p0.git.3612.61b096a.el7 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el7 | 4.5.0-202102050524.p0.git.0.9229406.el7 |
| redhat/conmon | <2.0.21-1.rhaos4.5.el8 | 2.0.21-1.rhaos4.5.el8 |
| redhat/machine-config-daemon | <4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 | 4.5.0-202102050524.p0.git.2594.ff3b8c0.el8 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el8 | 4.5.0-202102051529.p0.git.3612.61b096a.el8 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el8 | 4.5.0-202102050524.p0.git.0.9229406.el8 |
| redhat/runc | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/runc-debuginfo | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/runc-debugsource | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/conmon | <2.0.21-1.rhaos4.5.el7 | 2.0.21-1.rhaos4.5.el7 |
| redhat/openshift-clients | <4.5.0-202102051529.p0.git.3612.61b096a.el7 | 4.5.0-202102051529.p0.git.3612.61b096a.el7 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el7 | 4.5.0-202102050524.p0.git.0.9229406.el7 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el8 | 4.5.0-202102050524.p0.git.0.9229406.el8 |
| redhat/runc-debuginfo | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/runc-debugsource | <1.0.0-72.rhaos4.5.giteadfc6b.el8 | 1.0.0-72.rhaos4.5.giteadfc6b.el8 |
| redhat/openshift-hyperkube | <4.5.0-202102050524.p0.git.0.9229406.el7 | 4.5.0-202102050524.p0.git.0.9229406.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1837444
- https://bugzilla.redhat.com/show_bug.cgi?id=1903702
- https://bugzilla.redhat.com/show_bug.cgi?id=1921322
- https://bugzilla.redhat.com/show_bug.cgi?id=1925140
- https://bugzilla.redhat.com/show_bug.cgi?id=1925141
- https://bugzilla.redhat.com/show_bug.cgi?id=1925143
- https://bugzilla.redhat.com/show_bug.cgi?id=1925145
- https://bugzilla.redhat.com/show_bug.cgi?id=1925151
- https://bugzilla.redhat.com/show_bug.cgi?id=1925156
- https://bugzilla.redhat.com/show_bug.cgi?id=1925157
- https://bugzilla.redhat.com/show_bug.cgi?id=1925159
- https://bugzilla.redhat.com/show_bug.cgi?id=1925160
- https://bugzilla.redhat.com/show_bug.cgi?id=1925161
- https://bugzilla.redhat.com/show_bug.cgi?id=1925678
- https://access.redhat.com/security/updates/classification/#important
- https://access.redhat.com/errata/RHSA-2021:0429 (Advisory)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2021:0429
- agent/software-canonical-lookup
- package-manager/redhat