Bug 2225404

Summary: OSE version 4.12 is not including the OPM package which has a fix for containerd vulnerability - CVE-2022-23471
Product: Red Hat Enterprise Linux 8
Reporter: Gandhimathy <gandhi.srini>
Component: osbuild-composer
Assignee: Image Builder team <osbuilders>
Status: NEW
QA Contact: Release Test Team <release-test-team>
Severity: high
Priority: unspecified
Version: 8.8
Target Milestone: rc
Hardware: All
OS: All
Type: Bug

Description Gandhimathy 2023-07-25 09:06:10 UTC
Description of problem:
OSE version 4.12 is not including the OPM level which has the containerd vulnerability fix.

Problem: 
'CVE-2022-23471' vulnerability is reported in containerd packages. (containerd v1.6.3)

The OPM package which is present in OSE 4.12 is not having the fix for this vulnerability.

Vulnerable version: OSE 4.12 which bundles containerd v1.6.3

Fixed in 1.6.12, 1.5.16 (go)
Check in the OPM version which could bundle the

https://github.com/operator-framework/operator-registry/releases/tag/v1.27.0


Expected results: Update OSE 4.12 which includes the fix for the vulnerability CVE-2022-23471