The fix to 'Important' CVE on "openssl" shipped by RHEL7 is to be included at OCS 4, through inclusion of the relevant updated "openssl" package(s) at respin of the impacted OCS Container image. = RHSA-2020:5566 - Security Advisory == https://access.redhat.com/errata/RHSA-2020:5566 = CVE-2020-1971 == https://access.redhat.com/security/cve/CVE-2020-1971 = Updated openssl build == openssl-1.0.2k-21.el7_9 = Impacted OCS 4.x Container image == OCS OLM Operator = Impacted packages at OCS 4.x Container image == openssl-libs-1.0.2k-19.el7.x86_64
FYI: We no longer ship OCS OLM Operator (or attach it to an errata) since we switched to operator bundles. Do we have any other impacted RHEL 7 builds or can we close this?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Container Storage 4.6.1 container bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0140