Linux Security

    RedHat: RHSA-2019-1851:01 Moderate: OpenShift Container Platform 3.11

    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 3.11 security update
    Advisory ID:       RHSA-2019:1851-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1851
    Issue date:        2019-07-24
    CVE Names:         CVE-2019-3876 CVE-2019-10337 CVE-2019-1002100 
    =====================================================================
    
    1. Summary:
    
    An update for atomic-openshift and jenkins-2-plugins is now available for
    Red Hat OpenShift Container Platform 3.11.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
    
    3. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Security Fix(es):
    
    * web-console: XSS in OAuth server /oauth/token/request endpoint
    (CVE-2019-3876)
    
    * jenkins-plugin-token-macro: XML External Entity processing the ${XML}
    macro (CVE-2019-10337)
    
    * kube-apiserver: DoS with crafted patch of type json-patch
    (CVE-2019-1002100)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For OpenShift Container Platform 3.11 see the following documentation for
    important instructions on how to upgrade your cluster and fully apply this
    asynchronous errata update:
    
    https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1683190 - CVE-2019-1002100 kube-apiserver: DoS with crafted patch of type json-patch
    1691107 - CVE-2019-3876 web-console: XSS in OAuth server /oauth/token/request endpoint
    1719782 - CVE-2019-10337 jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro
    
    6. Package List:
    
    Red Hat OpenShift Container Platform 3.11:
    
    Source:
    atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.src.rpm
    jenkins-2-plugins-3.11.1560870549-1.el7.src.rpm
    
    noarch:
    atomic-openshift-docker-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm
    atomic-openshift-excluder-3.11.129-1.git.0.bd4f2d5.el7.noarch.rpm
    jenkins-2-plugins-3.11.1560870549-1.el7.noarch.rpm
    
    ppc64le:
    atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-clients-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-hyperkube-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-hypershift-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-master-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-node-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-pod-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-sdn-ovs-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-template-service-broker-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    atomic-openshift-tests-3.11.129-1.git.0.bd4f2d5.el7.ppc64le.rpm
    
    x86_64:
    atomic-openshift-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-clients-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-clients-redistributable-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-hyperkube-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-hypershift-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-master-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-node-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-pod-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-sdn-ovs-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-template-service-broker-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    atomic-openshift-tests-3.11.129-1.git.0.bd4f2d5.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-3876
    https://access.redhat.com/security/cve/CVE-2019-10337
    https://access.redhat.com/security/cve/CVE-2019-1002100
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
