RedHat: RHSA-2019-2594:01 Important: OpenShift Container Platform 4.1.14

    Date10 Sep 2019
    CategoryRed Hat
    372
    Posted ByLinuxSecurity Advisories
    An update is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: OpenShift Container Platform 4.1.14 security and bug fix update
    Advisory ID:       RHSA-2019:2594-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2594
    Issue date:        2019-09-10
    CVE Names:         CVE-2019-9512 CVE-2019-9514 CVE-2019-10206 
                       CVE-2019-10355 CVE-2019-10356 CVE-2019-10357 
                       CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 
                       CVE-2019-14817 CVE-2019-1010238 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat OpenShift Container Platform 4.1.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    This advisory contains the container images for Red Hat
    OpenShift Container Platform 4.1.14. All container images have been rebuilt
    with updated versions of golang. See the following advisory for the
    RPM packages for this release:
    
    https://access.redhat.com/errata/RHBA-2019:2660
    
    Security Fix(es):
    
    * HTTP/2: flood using PING frames results in unbounded memory growth
    (CVE-2019-9512)
    
    * HTTP/2: flood using HEADERS frames results in unbounded memory growth
    (CVE-2019-9514)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    This release also includes the following bugs: 
    
    * Previously, users would see an error in the web console when navigating
    to the ClusterResourceQuota instances from the CRD list. The problem has
    been fixed, and you can now successfully list ClusterResourceQuota
    instances from the CRD page. (BZ#1743259)
    
    Space precludes documenting all of the container images in this advisory.
    See the following Release Notes documentation, which will be updated
    shortly for this release, for details about these changes:
    
    https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel
    ease-notes.html
    
    You may download the oc tool and use it to inspect release image metadata
    as follows:
    
      $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.1.14
    
    The image digest is
    sha256:fd41c9bda9e0ff306954f1fd7af6428edff8c3989b75f9fe984968db66846231
    
    All OpenShift Container Platform 4.1 users are advised to upgrade to these
    updated packages and images.
    
    3. Solution:
    
    For OpenShift Container Platform 4.1 see the following documentation, which
    will be updated shortly for release 4.1.14, for important instructions on
    how to upgrade your cluster and fully apply this asynchronous errata
    update:
    
    https://docs.openshift.com/container-platform/4.1/release_notes/ocp-4-1-rel
    ease-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.1/updating/updating-cluster
    - -cli.html.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1717794 - OLM operator does not properly define related resources
    1729510 - MCD does not wait for nodes to drain
    1735363 - must-gather should redact kubectl.kubernetes.io/last-applied-configuration in secrets
    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    1737156 - Report metrics on installed operators
    1737164 - OLM metrics should be scraped by telemeter
    1737386 - [4.1 backport] cannot access to the service's externalIP with egressIP in openshift-ovs-multitenant environment
    1740044 - ClusterOperator operator-lifecycle-manager/operator-lifecycle-manager-catalog missing ClusterStatusConditionType: Upgradeable
    1741067 - [4.1.z]node-tuning clusteroperator degraded reporting missing reason/detail information
    1741499 - [4.1] EgressIP doesn't work with NetworkPolicy unless traffic from default project is allowed
    1741694 - [4.1.z] (Backport) Systems with multiple nics fail to boot/complete an install.
    1743119 - cri-o package version in OpenShift repo should be consistent with RHCOS cluster used
    1743259 - cluster resource quota resource not visualized correctly
    1743418 - 59 degraded auth operators in telemeter
    1743587 - Pods stuck in container creating - Failed to run CNI IPAM ADD: failed to allocate for range 0
    1743748 - [4.1.z] ClusterOperator operator-lifecycle-manager missing ClusterStatusConditionType Upgradeable
    1743771 - machineconfig showing wrong ownerReferences kind for kubeletconfig
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/cve/CVE-2019-10206
    https://access.redhat.com/security/cve/CVE-2019-10355
    https://access.redhat.com/security/cve/CVE-2019-10356
    https://access.redhat.com/security/cve/CVE-2019-10357
    https://access.redhat.com/security/cve/CVE-2019-14811
    https://access.redhat.com/security/cve/CVE-2019-14812
    https://access.redhat.com/security/cve/CVE-2019-14813
    https://access.redhat.com/security/cve/CVE-2019-14817
    https://access.redhat.com/security/cve/CVE-2019-1010238
    https://access.redhat.com/security/updates/classification/#important
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXXfJtNzjgjWX9erEAQhb5g/7BEHu6qoHGV+JrT0gZ/LNnoqnIUy3ZcNA
    jai4wZgJ1xREXUHbb53RdqZHCORNu9V03W/3RyZs/7Itd71H8bUpxRZ8+nKOjRaz
    MrS0YTSBw7U/a8knsk7z4v9lXudGltt6fT7Q9J1ly0rjEEcOjX209PcFpvorso6f
    69W4enXlgWTieWZUREruJLY9v/P4t0SFJSAYTX9WVMUytuw/OfGMhXlAaIsXjxN9
    pxm7V/voD1/0DHDowjJTAsYlwQDJDh3UKB7NeoeMHUWl/gednRwDLTAR2JUog8dA
    uhKu/+a9BuT1LJuS5jDihClVissso+LXH+DW23il97KYDGf3sgOC3oTlyeCvRyGM
    +H06y3QPfbZ3tQo5CvFROpVgJfPJWMHZlZr5LDA3uAQUrvBrRLdpbEVOlzYXgMaG
    h9WFmw/Ttdlc6iUhF3tEl4FLOT5+2IRomiwHQUrkxUJEfVUhJ8+yY7L1onKr4lf9
    JyO4Czbu/37DMXA/ko6P9yfLjGlcz3LY6592Wfz0yjP1FtUatGy7+geT4sL8QiAs
    dvdCH5RK6jQZeFOupVLt49AN8K/1s7AlQB8aaeA2sS1aaJUwi8acE/ZHwjmOS9tG
    xOrtYn9tWMnq23pUCkru1E1W+Q4UGkwksVMAYGro91473JK3a/qU6ZjFnsoBxXpv
    Lu4r6Fl3xEU=
    =DkfT
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":56.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":30.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.