RedHat: RHSA-2020-2412:01 Moderate: OpenShift Container Platform 4.5

    Date 13 Jul 2020
    Posted By LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 4.5 container image security update
    Advisory ID:       RHSA-2020:2412-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2412
    Issue date:        2020-07-13
    CVE Names:         CVE-2019-11254 CVE-2019-11358 CVE-2020-8558 
                       CVE-2020-9283 CVE-2020-10749 CVE-2020-11022 
                       CVE-2020-11023 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat OpenShift Container Platform 4.5.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Security Fix(es):
    
    * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys
    allowed for panic (CVE-2020-9283)
    
    * kubernetes: Denial of service in API server via crafted YAML payloads by
    authorized users (CVE-2019-11254)
    
    * js-jquery: prototype pollution in object's prototype led to denial of
    service or remote code execution or property injection (CVE-2019-11358)
    
    * kubernetes: node localhost services reachable via martian packets
    (CVE-2020-8558)
    
    * containernetworking/plugins: IPv6 router advertisements allowed for MitM
    attacks on IPv4 clusters (CVE-2020-10749)
    
    * jquery: Cross-site scripting due to improper jQuery.htmlPrefilter
    method (CVE-2020-11022)
    
    * jQuery: passing HTML containing 
