Advisory

Red Hat releases patch for OpenShift fixing numerous vulnerabilities

Take action: Red Hat has released a systemic update for OpenShift. It is not something to rush, especially at the scale at which it is deployed, but plan the update in for this summer.



Red Hat OpenShift Data Foundation 4.13.0 has received an important security and bug fix update. The update includes updated images with various enhancements, security improvements, and bug fixes. These updated images are now available in the Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9.

The security fixes included in this update address various vulnerabilities, such as randomization issues in goutils, input validation vulnerabilities in decode-uri-component, authentication bypass vulnerabilities in HashiCorp Vault, denial of service vulnerabilities in various components, improper handling of certificates and URIs in Node.js, memory consumption issues in Go packages, and other security vulnerabilities. For detailed information about each security issue, including the impact and CVSS score, please refer to the CVE pages listed in the References section.

All users of Red Hat OpenShift Data Foundation 4 are strongly recommended to upgrade to these updated images, as they provide important bug fixes and enhancements. The affected products include:

  • Red Hat OpenShift Data Foundation 4 for RHEL 9 x86_64,
  • Red Hat OpenShift Data Foundation for IBM Power (little endian) 4 for RHEL 9 ppc64le,
  • Red Hat OpenShift Data Foundation for IBM Z and LinuxONE 4 for RHEL 9 s390x,
  • Red Hat OpenShift Data Foundation for RHEL 9 ARM 4 aarch64.

The update also includes fixes for several known issues, such as incorrect version reporting in the UI, wrong versions of storage clusters, storage not being reclaimed after deletion of persistent volume claims and associated jobs, connection issues with KMS servers, user experience issues and enhancements, uninstallation failures, security vulnerabilities in various components, metrics collection issues, and various other bug fixes.

To obtain the updated images and apply the necessary fixes, users should follow the instructions provided by Red Hat.
