Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Security Fix(es):
* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to
recover some plaintext data by capturing large amounts of encrypted traffic
between TLS/SSL server and client if the communication used a DES/3DES
based ciphersuite. (CVE-2016-2183)
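A check for the condition described above, whether a deployment still offers a DES/3DES-based ciphersuite, as an added example that is not part of the advisory or of Red Hat's code. It assumes the input is a list of concrete suite names (OpenSSL or IANA spelling) such as a scanner or `openssl ciphers` prints; the function names and the sample list are constructed, and IDEA and RC2 are flagged in addition to the advisory's DES/3DES because they are also 64-bit block ciphers.

```python
import re


def classify_suite(name):
    """Return the 64-bit block cipher a TLS suite name uses, or None."""
    tokens = re.split(r"[-_]", name.upper())
    for i, tok in enumerate(tokens):
        if tok == "3DES":                      # IANA: ..._WITH_3DES_EDE_CBC_SHA
            return "3DES"
        if tok in ("DES", "DES40"):
            # OpenSSL spells 3DES as DES-CBC3; single DES is DES-CBC.
            nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
            return "3DES" if nxt == "CBC3" else "DES"
        if tok in ("IDEA", "RC2"):             # assumption: added beyond the advisory
            return tok
    return None


def audit_suites(listing):
    """Map each flagged suite in a colon/comma/whitespace separated list to its cipher."""
    flagged = {}
    for name in re.split(r"[:,\s]+", listing.strip()):
        cipher = classify_suite(name) if name else None
        if cipher:
            flagged[name] = cipher
    return flagged


# Constructed sample: suite names as a scanner might report them for one endpoint.
SAMPLE = """
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-DES-CBC3-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
EDH-RSA-DES-CBC-SHA
TLS_AES_256_GCM_SHA384
IDEA-CBC-SHA
"""

if __name__ == "__main__":
    for suite, cipher in audit_suites(SAMPLE).items():
        print(f"{suite}: uses {cipher} (64-bit block, SWEET32 exposure)")
```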
Bug Fix(es):
* Running Quay in config mode now works in a disconnected option which
doesn't require pulling resources from the Internet.
* Quay's security scan endpoint is now enabled at startup for viewing
results of Clair container image scans.
https://access.redhat.com/security/cve/CVE-2016-2183
https://access.redhat.com/security/updates/classification/#moderate
An update is now available for Red Hat Quay 3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat Quay is a secure, private container registry that builds, analyzes and distributes container images. It provides a high level of automation and customization.
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1709477 - Quay 3.0.2 errata