RHSA-2022:0308: Moderate: OpenShift Container Storage 3.11.z security and bug fix update
The OpenShift Container Storage solution provides persistent storageservice for OpenShift Containers and OpenShift Infrastructure services.Security Fix(es): golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es): With this update, the Heketi packages are upgraded to upstream version 10.4.0. (BZ#2012287) All users of OpenShift Container Storage 3.11 are advised to upgrade to these updated packages, which fix these bugs.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0308?
The severity of RHSA-2022:0308 is categorized as important.
How do I fix RHSA-2022:0308?
To resolve RHSA-2022:0308, update the affected packages to version 10.4.0-2.el7.
Which components are affected by RHSA-2022:0308?
The affected components include heketi, heketi-client, and python-heketi.
What vulnerabilities are addressed in RHSA-2022:0308?
RHSA-2022:0308 addresses vulnerabilities including CVE-2021-3114 related to incorrect operations on the P-224 curve.
Is it necessary to reboot after applying the fix for RHSA-2022:0308?
A reboot is not typically required after applying the fix for RHSA-2022:0308 unless specified in the update instructions.