RedHat: RHSA-2020-0463:01 Low: OpenShift Container Platform 4.2.18

    Date12 Feb 2020
    369
    Posted ByLinuxSecurity Advisories
    An update for ose-installer-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Low: OpenShift Container Platform 4.2.18 ose-installer-container security update
    Advisory ID:       RHSA-2020:0463-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0463
    Issue date:        2020-02-12
    CVE Names:         CVE-2019-13734 CVE-2019-19335 
    =====================================================================
    
    1. Summary:
    
    An update for ose-installer-container is now available for Red Hat
    OpenShift Container Platform 4.2.
    
    Red Hat Product Security has rated this update as having a security impact
    of Low. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Security Fix(es):
    
    * openshift/installer: kubeconfig and kubeadmin-password are created with
    word-readable permissions (CVE-2019-19335)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    For OpenShift Container Platform 4.2 see the following documentation, which
    will be updated shortly for release 4.2.18, for important instructions on
    how to upgrade your cluster and fully apply this asynchronous errata
    update:
    
    https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
    ease-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
    - -cli.html.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1777209 - CVE-2019-19335 openshift/installer: kubeconfig and kubeadmin-password are created with word-readable permissions
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-13734
    https://access.redhat.com/security/cve/CVE-2019-19335
    https://access.redhat.com/security/updates/classification/#low
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXkPhg9zjgjWX9erEAQhvGQ//R9xaejWGhe7FpWnNSwaK4bBcKJ4pDUiA
    hL2ivlopP+RkFfAwHahvM0PEALRRXgMh1DXfZA4tUZlM/v3SBovh+Fe7ia99rai2
    Px1kNTn6qm9SXnUTLkRIg4hnKJCZkAWLAwNhowifnCOQ8BSxXOu6/4AEUUpA0dnR
    YDnUliR/1rEqymSuspSWnkkFUgF3R/1Po8uoxDc3pF0ICYV1J2rZpjwFGD/vtrDO
    6vSA1zhLZWu+MTGDVimkCxXqCjmfiaFM5kGdKakzPmjDsNdPo1o+zHSVNnNByvS2
    mySyGlfEJzVIxgbU816bBMG9T2NEoYlxiGreueTQJ+Hp/2C/o2/Ct181+bZlGWh6
    n/o0bk2ZL1XPr7m/8/PUIMZqmSLE6vZ7eF19NZsjMRNUzlp50sUx0cU0epqRIFno
    WqNRUnT2J5D2lh+sHLjd78Veo2OPIw9zYA8TGIcl4EYkPYqxJ9nEr8CD8h3S40PV
    RylfskwWAyPWi5MNtASziE9MlJWfJInViWiJhwfxcqNZSxu5ecHatAjiyHnFWnrj
    2lET5gBV6nsYKB0DaU1S5fkNIeyXDV+xarmb8uQrgcqwQI4I8Usdosz7wVwBqbVr
    EFKHGTOp6mO4mbCIhF1XSiISTyV8TTo6Tu5xY6uqHHW1q+jPJ6EQ/2yE4q0evcgv
    pP6ZNqbhcEE=
    =AEx9
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"31","type":"x","order":"1","pct":91.18,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.88,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.94,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.