RedHat: RHSA-2019-1245:01 Moderate: Red Hat Quay 3.0.2 security and bug fix

    Date20 May 2019
    CategoryRed Hat
    3277
    Posted ByLinuxSecurity Advisories
    An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat Quay 3.0.2 security and bug fix update
    Advisory ID:       RHSA-2019:1245-01
    Product:           Red Hat Quay
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1245
    Issue date:        2019-05-20
    CVE Names:         CVE-2016-2183 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat Quay 3.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    Red Hat Quay is a secure, private container registry that builds, analyzes
    and distributes container images. It provides a high level of automation
    and customization.
    
    2. Description:
    
    Security Fix(es):
    
    * A flaw was found in the way the DES/3DES cipher was used as part of the
     TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to
    recover some plaintext data by capturing large amounts of encrypted traffic
    between TLS/SSL server and client if the communication used a DES/3DES
    based ciphersuite. (CVE-2016-2183)
    
    Bug Fix(es):
    
    * Running Quay in config mode now works in a disconnected option which
    doesn't require pulling resources from the Internet.
    
    * Quay's security scan endpoint is now enabled at startup for viewing
    results of Clair container image scans.
    
    3. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    For details on how to apply this update, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
    1709477 - Quay 3.0.2 errata
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2016-2183
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXOK1+NzjgjWX9erEAQj8lw/9HkhrDq68jPy/WROEIWfY1rhl9XnGqsPS
    zR1XfSzTNW4C4/VMIbGQM3jaALgMu99jJW02pQZJgNAdvCJFN5hloaLvnTbamzVw
    G1c4Jl1yPCtM0PPRdFYlrdZL9mFTU3yWRNwxZhPrJW98omqNlg8MbBh6Hkfo2zEn
    e7Kb+FbEq0vX+0+aa0G6jUZuUSBrk5jPvFOdtyZmYWL3FB3lhsthL5aSQaLfjX+k
    VrWKRX3gkNtxVD7Aj/9PuqPBKmzWB8jKJQKzy3oQ6H8dA7WbruwI+CQKESyH3x19
    S1la6DEX8y2+a7UksGYnwlvEryA7RXbqwOFfi20XUjxUtG9gcOI19L5+JSIkJG8p
    iGPvS+xEFXJ6nGQNgM1og51fB6lcPCFzV5bjQxyCmqFBXcRLwkrN8pH4Uciecnly
    O7nldcSyWXM79UObVF9pKJpdpx4h4DB3UlXeT69p5aOhoQK19rZoIuRkW5vZFgkD
    SvR4nvG+wyq5TuMHondLXWvCTjms2Vz9qDTD8iP5T7LhZlo3VX1I9Qdo5puwBVZp
    UbigI/c3hH39keRWApK8CDTQFelFx3O4mpl41UuLUuGWYwsqXvHH7GY4uRbyY+PL
    ouAwvyvUF1aBEk0wBs0SrINNBU54vbGAMxPEN8mb6P5wrM6RFA0FlOmLUv1Iw9o7
    9MxaZn201Tw=
    =39Kt
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com page/section?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    20
    radio
    [{"id":"73","title":"News","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"74","title":"Advisories ","votes":"5","type":"x","order":"2","pct":83.33,"resources":[]},{"id":"75","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"76","title":"Latest Features ","votes":"1","type":"x","order":"4","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.