RedHat: RHSA-2020-1287:01 Critical: OpenShift Container Platform 3.11

    Date 07 Apr 2020
    Posted By LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Critical: OpenShift Container Platform 3.11 security update
    Advisory ID:       RHSA-2020:1287-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1287
    Issue date:        2020-04-07
    CVE Names:         CVE-2019-18277 CVE-2019-19330 CVE-2020-11100 
    =====================================================================
    
    1. Summary:
    
    Red Hat OpenShift Container Platform release 3.11.200 is now available with
    updates to packages and images that fix several bugs.
    
    Red Hat Product Security has rated this update as having a security impact
    of Critical. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenShift Container Platform 3.11 - ppc64le, x86_64
    
    3. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Security Fix(es):
    
    * haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
    (CVE-2020-11100)
    
    * haproxy: HTTP request smuggling issue with transfer-encoding header
    containing an obfuscated "chunked" value (CVE-2019-18277)
    
    * haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation
    attacks (CVE-2019-19330)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    Before applying this update, ensure all previously released errata relevant
    to your system is applied.
    
    See the following documentation, which will be updated shortly for release
    3.11.200, for important instructions on how to upgrade your cluster and
    fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
    
    This update is available via the Red Hat Network. Details on how to use the
    Red Hat Network to apply this update are available at
    https://access.redhat.com/articles/11258.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1759697 - CVE-2019-18277 haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value
    1777584 - CVE-2019-19330 haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks
    1819111 - CVE-2020-11100 haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes
    
    6. Package List:
    
    Red Hat OpenShift Container Platform 3.11:
    
    Source:
    haproxy-1.8.23-3.el7.src.rpm
    
    ppc64le:
    haproxy-debuginfo-1.8.23-3.el7.ppc64le.rpm
    haproxy18-1.8.23-3.el7.ppc64le.rpm
    
    x86_64:
    haproxy-debuginfo-1.8.23-3.el7.x86_64.rpm
    haproxy18-1.8.23-3.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-18277
    https://access.redhat.com/security/cve/CVE-2019-19330
    https://access.redhat.com/security/cve/CVE-2020-11100
    https://access.redhat.com/security/updates/classification/#critical
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
