Description of problem: In addition to the vulnerabilities created by the buggy protobuf compiler, there is another instance where a protobuf handler was copied from old generated code, then modified by hand. That instance also needs to be updated to fix CVE-2021-3121.
From PR https://github.com/openshift/kubernetes/pull/699, less thing QE can do, QE can mare sure if the PR is landed on the latest payload, $ cd kubernetes/ $ git pull $ oc login --token=<Tocken> --server=https://api.ci.l2s4.p1.openshiftapps.com:6443 $ docker login -u <github-id> -p $(oc whoami -t) registry.ci.openshift.org $ oc adm release info --commits registry.ci.openshift.org/ocp/release:4.8.0-0.nightly-2021-04-26-151924 | grep hyper hyperkube https://github.com/openshift/kubernetes 6143dea8e6a5046b467a67f7d1fda8e63833a2e7 $ git log --date=local --pretty="%h %an %cd - %s" 6143dea8 | grep ' #699 ' 98e21e7baaa OpenShift Merge Robot Sun Apr 25 04:12:12 2021 - Merge pull request #699 from joelsmith/oomaster The PR has been landed on the latest payload, so move the bug VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438