Bug 1952333 - openshift/kubernetes vulnerable to CVE-2021-3121
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.8.0
Assignee: Joel Smith
QA Contact: Ke Wang
Reported: 2021-04-22 04:59 UTC by Joel Smith
Modified: 2021-07-27 23:03 UTC (History)

Last Closed: 2021-07-27 23:02:52 UTC
Links
System ID Private Priority Status Summary Last Updated
Github openshift kubernetes pull 699 0 None open Bug 1952333: UPSTREAM: 101306: Additional CVE-2021-3121 fix 2021-04-22 05:02:02 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:03:13 UTC

Description Joel Smith 2021-04-22 04:59:43 UTC
Description of problem:

In addition to the vulnerabilities created by the buggy protobuf compiler, there is another instance where a protobuf handler was copied from old generated code, then modified by hand.  That instance also needs to be updated to fix CVE-2021-3121.

Comment 2 Ke Wang 2021-04-27 05:54:29 UTC
From PR https://github.com/openshift/kubernetes/pull/699, there is little QE can do; QE can make sure that the PR has landed in the latest payload:

$ cd kubernetes/
$ git pull
$ oc login --token=<Token> --server=https://api.ci.l2s4.p1.openshiftapps.com:6443
$ docker login -u <github-id> -p $(oc whoami -t) registry.ci.openshift.org

$  oc adm release info --commits registry.ci.openshift.org/ocp/release:4.8.0-0.nightly-2021-04-26-151924 | grep hyper
  hyperkube                                      https://github.com/openshift/kubernetes                                     6143dea8e6a5046b467a67f7d1fda8e63833a2e7

$ git log --date=local --pretty="%h %an %cd - %s" 6143dea8 | grep ' #699 ' 
98e21e7baaa OpenShift Merge Robot Sun Apr 25 04:12:12 2021 - Merge pull request #699 from joelsmith/oomaster

The PR has landed in the latest payload, so moving the bug to VERIFIED.
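
The check from Comment 2 as reusable shell functions (an added example, not code from the bug report or from OpenShift). It matches the component name exactly instead of grepping for a substring and rejects a commit that is not in the local clone; the function names `payload_commit` and `pr_in_payload` and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a fix PR is contained in the commit a release
# payload was built from. Function names are hypothetical.

# Constructed sample of `oc adm release info --commits <pullspec>` output,
# modelled on the hyperkube line quoted in Comment 2 (second row is made up).
SAMPLE_RELEASE_INFO='  hyperkube   https://github.com/openshift/kubernetes  6143dea8e6a5046b467a67f7d1fda8e63833a2e7
  example     https://github.com/example/repo          0000000000000000000000000000000000000000'

# payload_commit COMPONENT
# Reads release info on stdin and prints the 40-hex commit of COMPONENT.
# Exits non-zero when the component is absent or the commit field is malformed.
payload_commit() {
  awk -v name="$1" '
    $1 == name && length($NF) == 40 && $NF !~ /[^0-9a-f]/ {
      print $NF; found = 1; exit
    }
    END { exit !found }'
}

# pr_in_payload REPO_DIR COMMIT PR_NUMBER
# Returns 0 if a merge of PR_NUMBER is reachable from COMMIT, 1 if it is not,
# and 2 on bad input (non-numeric PR, or COMMIT unknown to the local clone,
# which usually means the clone needs a `git pull` first).
pr_in_payload() {
  case $3 in ''|*[!0-9]*) return 2 ;; esac
  git -C "$1" cat-file -e "$2^{commit}" 2>/dev/null || return 2
  # The trailing space keeps "#69" from matching "#699".
  git -C "$1" log --merges --pretty=%s "$2" |
    grep "^Merge pull request #$3 " >/dev/null
}

# Demo on the constructed sample. Against a real payload, pipe the
# `oc adm release info --commits <pullspec>` output in instead, then run:
#   pr_in_payload ./kubernetes "$commit" 699
printf '%s\n' "$SAMPLE_RELEASE_INFO" | payload_commit hyperkube
```

A return code of 2 from `pr_in_payload` means the check could not be performed, which is different from the fix being absent, so it should not be treated as a failed verification.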

Comment 5 errata-xmlrpc 2021-07-27 23:02:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438
