RHSA-2021:0957: Moderate: OpenShift Container Platform 4.7.4 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.Red Hat OpenShift Container Platform is Red Hat's cloud computingKubernetes application platform solution designed for on-premise or privatecloud deployments.This advisory contains the container images for Red Hat OpenShift ContainerPlatform 4.7.4. See the following advisory for the RPM packages for thisrelease:https://access.redhat.com/errata/RHSA-2021:0958 Space precludes documenting all of the container images in this advisory.See the following Release Notes documentation, which will be updatedshortly for this release, for details about these changes:https://docs.openshift.com/container-platform/4.7/releasenotes/ocp-4-7-rel ease-notes.htmlThis update fixes the following bugs among others: A flaw was found in golang: crypto/elliptic, in which P-224 keys as generated could return incorrect inputs, which reduced the strength of the cryptography. The greatest threat to the system was confidentiality and integrity. (BZ#1918750) This update adds new capabilities to the Baremetal Operator, allowing for different reboot modes to be utilized. This allows workloads to be relocated as quickly as possible in the event of a node failure. Additionally, it provides a path for clients to quickly power down systems for remediation purposes and to recover workloads. As a result, workload recovery time is significantly reduced. (BZ#1936407) You may download the oc tool and use it to inspect release image metadataas follows:(For x8664 architecture)$ oc adm release infoquay.io/openshift-release-dev/ocp-release:4.6.20-x8664The image digest issha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129(For s390x architecture)$ oc adm release infoquay.io/openshift-release-dev/ocp-release:4.6.20-s390xThe image digest issha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c(For ppc64le architecture)$ oc adm release infoquay.io/openshift-release-dev/ocp-release:4.6.20-ppc64leThe image digest issha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9Security Fix(es): golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.All OpenShift Container Platform 4.7 users are advised to upgrade to theseupdated packages and images when they are available in the appropriaterelease channel. To check for available updates, use the OpenShift Consoleor the CLI oc command. Instructions for upgrading a cluster are availableathttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster between-minor.html#understanding-upgrade-channelsupdating-cluster-between minor.