RedHat: RHSA-2020-2369:01 Moderate: Red Hat OpenShift Service Mesh

    Date 02 Jun 2020
    115
    Posted By LinuxSecurity Advisories
    An update for openshift-istio-kiali-rhel7-operator-container is now available for Openshift Service Mesh 1.0 and 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat OpenShift Service Mesh openshift-istio-kiali-rhel7-operator-container security update
    Advisory ID:       RHSA-2020:2369-01
    Product:           Red Hat OpenShift Service Mesh
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2369
    Issue date:        2020-06-02
    CVE Names:         CVE-2020-1704 
    =====================================================================
    
    1. Summary:
    
    An update for openshift-istio-kiali-rhel7-operator-container is now
    available for Openshift Service Mesh 1.0 and 1.1.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio
    service mesh project, tailored for installation into an on-premise
    OpenShift Container Platform installation.
    
    Security Fix(es):
    
    * openshift-service-mesh/kiali-rhel7-operator: /etc/passwd is given
    incorrect privileges (CVE-2020-1704)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1793305 - CVE-2020-1704 openshift-service-mesh/kiali-rhel7-operator: /etc/passwd is given incorrect privileges
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2020-1704
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXtZ/etzjgjWX9erEAQgkFxAAjzkpJea3qKIWkfiBVuLpRfeHkqVCvqrc
    oFVEWnJc6GwwMqHvhMbpJMkTS7rPVUpgc+LymYxbk54cmE2YKYiEH9e4tyMW0ecF
    PGF5C02YFCwRoPPJeFcnlY85ejt3EgNG0+H4lYb56FMS2zJ9Ejnf2eWHaANOkF4D
    qwv0uPaQV0/JZMbDycc9YbelvRBJD5dLwdUEzjxt76Q+hNxGxxsck1O9oxWqFhiM
    LSPYRsU0tJ4mPfXiNczywJsedeukixImAipGcTT9qOA8XXN2ppbNtkkO0ZWx/gwx
    xmZQPuPMtm7up/UF4tFlEOmVglkvmWv/DHEvsEvMW5o5ucnPLhzHxdEliGV1Sbhy
    3WxJVZBGAq//4K1rxoT4mkzi+J09qtuh0dtzWEOHcYS3/pJ/AkEkFvRGSs0D/Ztv
    F1CcPVLprz6EJfqVCN9g8eJPD+eP2tnKArnr54mhWG+FvwpU056Vfom2YJVnOIzs
    /4M4fWkJlW8+6Uz0RDELjnGjwa4WB20Iy630X4Ul6boAAdBVUUJz1tGoJbfGN4CG
    xu87ib7iURH8dD3NUmwc4y+C1qcIqGT1s10XXtEmX9YVcXBabJh3tQNsOthw9Zl3
    eUsciijPTRdnhhOUCTLTokD5zVjmM5PWS63F/fIE581t9JrjGvphTOaR31wYClZy
    B+nQup8qe4Q=
    =jzI/
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    How do you feel about the elimination of the terms 'blacklist' and 'slave' from the Linux kernel?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/32-how-do-you-feel-about-the-elimination-of-the-terms-blacklist-and-slave-from-the-linux-kernel?task=poll.vote&format=json
    32
    radio
    [{"id":"112","title":"I strongly support this change - racially charged language should not be used in the code and documentation of the kernel and other open-source projects.","votes":"3","type":"x","order":"1","pct":42.86,"resources":[]},{"id":"113","title":"I'm indifferent - this small change will not affect broader issues of racial insensitivity and white privilege.","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"114","title":"I'm opposed to this change - there is no need to change language that has been used for years. It doesn't make sense for people to take offense to terminology used in community projects.","votes":"2","type":"x","order":"3","pct":28.57,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.