OpenShift Bugs / OCPBUGS-44379

OpenShift 4.14.40 downgrades libreswan to an older version with CVE exposure


Sprint: SDN Sprint 262
      Customers upgrading to 4.14.40 will be exposed to the following vulnerabilities in packages in the ovnk container:
          Important CVE-2023-2295 RHSA-2023:3148
          Important CVE-2023-30570 RHSA-2023:2120
          Moderate CVE-2023-23009 RHSA-2023:2633
          Moderate CVE-2024-2357 RHSA-2024:2085
          Moderate CVE-2024-3652 RHSA-2024:4431
    • CVE - Common Vulnerabilities and Exposures
    • In Progress

      The fix for OCPBUGS-42952 (https://github.com/openshift/ovn-kubernetes/pull/2323), shipped in OpenShift 4.14.40, pinned libreswan back from the latest RHEL 9.2.z version to libreswan-4.5-1.el9. Image scanning reports that this pin reintroduces the CVE exposures listed above.

      The known vulnerabilities for packages in this container are the five CVEs (two Important, three Moderate) with their RHSAs given in the release note text above.

      We need to unpin this package so that we do not regress on CVE fixes while addressing the functional issue. Unpinning restores the newer libreswan, and with it the behaviour that the pin in OCPBUGS-42952 worked around, so the two fixes have to be reconciled rather than simply reverted. For the set of customers known to be affected by the functional issue, we can work with them to decide the appropriate path forward.
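To make the regression check concrete, the following is an added example (not code from this bug report or from the ovn-kubernetes project) that orders package versions the way rpm does and flags any installed package that sits below a known-fixed version. The sample rpm output is constructed, and the minimum fixed versions in MINIMUM_FIXED are placeholders: the report gives only the pinned libreswan-4.5-1.el9, so the real thresholds must be taken from the RHSAs cited above. The version comparison is a port of rpm's rpmvercmp (tilde, caret, numeric-beats-alpha rules included), so it generalises beyond this one package.

```python
"""Flag RPMs pinned below their CVE-fixed versions, using rpm's own ordering.

Added example for OCPBUGS-44379; not code from the bug report or from
ovn-kubernetes. MINIMUM_FIXED holds assumed placeholder versions, not
values taken from the cited RHSAs.
"""

# Constructed sample of what
#   rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE}\n'
# prints inside the ovnk container after the pin. Only the libreswan line
# reflects a version named in the bug; the other lines are made up.
SAMPLE_RPM_OUTPUT = """\
libreswan 0 4.5 1.el9
openssl 1 3.0.7 27.el9
nss 0 3.90.0 6.el9_2
"""

# Placeholder minimum fixed (epoch, version, release) per package. These are
# assumptions for the example; replace them with the RHSA-published versions.
MINIMUM_FIXED = {
    "libreswan": (0, "4.12", "1.el9"),
    "openssl": (1, "3.0.7", "24.el9"),
}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        # Tilde sorts before everything, including the end of the string.
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # Caret is like tilde, except that a string that ends is the lower one.
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take one all-digit or all-alpha segment from each side.
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        si = i
        while si < la and pred(a[si]):
            si += 1
        sj = j
        while sj < lb and pred(b[sj]):
            sj += 1
        seg_a, seg_b = a[i:si], b[j:sj]
        if not seg_b:
            # Segment types differ: a numeric segment is newer than an alpha one.
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = si, sj
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def evr_cmp(have: tuple, need: tuple) -> int:
    """Compare (epoch, version, release) tuples in rpm order."""
    if have[0] != need[0]:
        return 1 if have[0] > need[0] else -1
    rc = rpmvercmp(have[1], need[1])
    return rc if rc else rpmvercmp(have[2], need[2])


def parse_rpm_list(text: str) -> dict:
    """Parse 'NAME EPOCHNUM VERSION RELEASE' lines into {name: (epoch, ver, rel)}."""
    pkgs = {}
    for line in text.splitlines():
        if line.strip():
            name, epoch, ver, rel = line.split()
            pkgs[name] = (int(epoch), ver, rel)
    return pkgs


def find_regressions(installed: dict, minimum: dict) -> list:
    """Return (name, installed_evr, required_evr) for packages below their fix."""
    return [(n, installed[n], need) for n, need in minimum.items()
            if n in installed and evr_cmp(installed[n], need) < 0]


if __name__ == "__main__":
    for name, have, need in find_regressions(parse_rpm_list(SAMPLE_RPM_OUTPUT), MINIMUM_FIXED):
        print(f"REGRESSION {name}: installed {have[1]}-{have[2]} < fixed {need[1]}-{need[2]}")
```

Run it against the real output of the rpm query from inside the ovnkube container (for instance via oc rsh) to get a pass/fail answer rather than relying on scanner summaries; the same ordering rules decide whether a future pin in the Dockerfile is a downgrade.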

              People: Zenghui Shi (zshi@redhat.com), Scott Dodson (rhn-support-sdodson), Huiran Wang