Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

RedHat: RHSA-2020:3370-01 Low: Jaeger Container Security Update

red hat
Calendar Grey August 6, 2020
Dist Redhat Esm H88
Red Hat OpenShift Jaeger version 1.17.6 has received a security update, assessed as low severity, with essential details included.
An update is now available for Jaeger-1.17

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

jaeger-updating.html

Summary

Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):
* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory update security impact low red hat openshift container image

References

https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-9283 https://access.redhat.com/security/updates/classification#low

Package List


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:3370-01
Product: Red Hat OpenShift Jaeger
Advisory URL: Issue date: 2020-08-06

Topic

An update is now available for Jaeger-1.17.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory update security impact low red hat openshift container image

Relevant Releases Architectures

Bugs Fixed

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic

1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here