RHEL 8 has shipped on 23 January 2023 "sudo" security update RHSA with fix for "Important" CVE

= RHSA-2023:0284 - Security Advisory
== https://access.redhat.com/errata/RHSA-2023:0284

= CVE-2023-22809
== https://access.redhat.com/security/cve/CVE-2023-22809

= RPM Errata
== https://errata.devel.redhat.com/advisory/108320

= Updated builds with fixes for CVE
== sudo-1.8.29-8.el8_7.1

ODF 4.10 Container images are impacted by the CVE, and need a re-spin to include the updated packages.

Being an "Important" CVE, the number of days to ship the Container images with fixes is 30 days after fixes have been shipped in RHEL. So the mandatory due date to ship the ODF 4.10 Container images with updated packages is 23 February 2023, to prevent CHI scores (Health Score) from dropping to grade C.
Please find below container names and sudo rpm version with it:

ceph-crash -> sudo-1.8.29-8.el8.x86_64
core -> no sudo rpm package
csi-addons -> no sudo rpm package
csi-attacher -> no sudo rpm package
csi-provisioner -> no sudo rpm package
csi-resizer -> no sudo rpm package
csi-snapshotter -> no sudo rpm package
db -> no sudo rpm package
driver-registrar -> no sudo rpm package
endpoint -> no sudo rpm package
java-s3 -> no sudo rpm package
kube-rbac-proxy -> no sudo rpm package
log-collector -> sudo-1.8.29-8.el8.x86_64
manager -> no sudo rpm package
mds -> sudo-1.8.29-8.el8.x86_64
mgr -> sudo-1.8.29-8.el8.x86_64
mon -> no sudo rpm package
noobaa-operator -> no sudo rpm package
ocs-metrics-exporter -> sudo-1.8.29-8.el8.x86_64
ocs-operator -> no sudo rpm package
odf-console -> no sudo rpm package
osd -> sudo-1.8.29-8.el8.x86_64
rook ceph tools -> sudo-1.8.29-8.el8_7.1.x86_64
rook ceph operator -> sudo-1.8.29-8.el8_7.1.x86_64
csi-rbdplugin -> sudo-1.8.29-8.el8_7.1.x86_64
csi-cephfsplugin -> sudo-1.8.29-8.el8_7.1.x86_64

Closing the bug as sudo is updated in relevant pod/containers.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Data Foundation 4.10.10 Bug Fix Update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:0827