Linux Security

    RedHat: RHSA-2020-4264:01 Low: OpenShift Container Platform 4.3.40 security

    Date 20 Oct 2020
    Posted By LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Low: OpenShift Container Platform 4.3.40 security and bug fix update
    Advisory ID:       RHSA-2020:4264-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4264
    Issue date:        2020-10-20
    CVE Names:         CVE-2017-12652 CVE-2017-18190 CVE-2018-20843 
                       CVE-2019-2974 CVE-2019-5094 CVE-2019-5188 
                       CVE-2019-5482 CVE-2019-8675 CVE-2019-8696 
                       CVE-2019-11068 CVE-2019-11719 CVE-2019-11727 
                       CVE-2019-11756 CVE-2019-12450 CVE-2019-12749 
                       CVE-2019-14822 CVE-2019-14866 CVE-2019-14973 
                       CVE-2019-15903 CVE-2019-16935 CVE-2019-17006 
                       CVE-2019-17023 CVE-2019-17498 CVE-2019-17546 
                       CVE-2019-18197 CVE-2019-19126 CVE-2019-19956 
                       CVE-2019-20386 CVE-2019-20388 CVE-2020-2181 
                       CVE-2020-2182 CVE-2020-2224 CVE-2020-2225 
                       CVE-2020-2226 CVE-2020-2574 CVE-2020-2752 
                       CVE-2020-2780 CVE-2020-2812 CVE-2020-6829 
                       CVE-2020-7595 CVE-2020-8492 CVE-2020-9283 
                       CVE-2020-12243 CVE-2020-12400 CVE-2020-12401 
                       CVE-2020-12402 CVE-2020-12403 CVE-2020-12825 
                       CVE-2020-14352 CVE-2020-24750 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat OpenShift Container Platform 4.3.
    
    Red Hat Product Security has rated this update as having a security impact
    of Low. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    
    Security Fix(es):
    
    * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows
    for panic (CVE-2020-9283)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
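
An added example, not code from this advisory or from golang.org/x/crypto: Go's crypto/ed25519.Verify panics when given a public key whose length is not ed25519.PublicKeySize, so code that parses ssh-ed25519 key blobs should reject wrong-length keys before verification. `ParseEd25519Blob`, `readString` and `encode` are hypothetical helpers, and the sample blobs are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// readString reads one SSH wire string: big-endian uint32 length, then the bytes.
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated SSH string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// ParseEd25519Blob (hypothetical helper) rejects any key that is not exactly
// ed25519.PublicKeySize bytes, since ed25519.Verify panics on other lengths.
func ParseEd25519Blob(blob []byte) (ed25519.PublicKey, error) {
	algo, rest, err := readString(blob)
	if err != nil || string(algo) != "ssh-ed25519" {
		return nil, fmt.Errorf("not an ssh-ed25519 key blob")
	}
	key, rest, err := readString(rest)
	if err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("malformed key field")
	}
	if len(key) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("invalid size %d for Ed25519 public key", len(key))
	}
	return ed25519.PublicKey(key), nil
}

// encode builds constructed sample blobs in SSH wire format.
func encode(parts ...[]byte) (out []byte) {
	for _, p := range parts {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(p)))
		out = append(append(out, l[:]...), p...)
	}
	return out
}

func main() {
	for _, n := range []int{ed25519.PublicKeySize, 5} { // constructed: valid and short
		_, err := ParseEd25519Blob(encode([]byte("ssh-ed25519"), make([]byte, n)))
		fmt.Printf("key length %d -> err=%v\n", n, err)
	}
}
```
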
    
    Bug Fix(es):
    
    * Gather image registry config (backport to 4.3) (BZ#1836815)
    
    * Builds fail after running postCommit script if OCP cluster is configured
    with a container registry whitelist (BZ#1849176)
    
    * Login with OpenShift not working after cluster upgrade (BZ#1852429)
    
    * Limit the size of gathered federated metrics from alerts in Insights
    Operator (BZ#1874018)
    
    * [4.3] Storage operator stops reconciling when going Upgradeable=False on
    v1alpha1 CRDs (BZ#1879110)
    
    * [release 4.3] OpenShift APIs become unavailable for more than 15 minutes
    after one of master nodes went down(OAuth) (BZ#1880293)
    
    You may download the oc tool and use it to inspect release image metadata
    as follows:
    
    (For x86_64 architecture)
    
      $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
    
    The image digest is
    sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
    
    (For s390x architecture)
    
      $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x
    
    The image digest is
    sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
    
    (For ppc64le architecture)
    
      $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
    
    The image digest is
    sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
    
    3. Solution:
    
    For OpenShift Container Platform 4.3 see the following documentation, which
    will be updated shortly for this release, for important instructions on how
    to upgrade your cluster and fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-release-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.3/updating/updating-cluster-cli.html.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
    1836815 - Gather image registry config (backport to 4.3)
    1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist
    1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator
    1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized
    1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2017-12652
    https://access.redhat.com/security/cve/CVE-2017-18190
    https://access.redhat.com/security/cve/CVE-2018-20843
    https://access.redhat.com/security/cve/CVE-2019-2974
    https://access.redhat.com/security/cve/CVE-2019-5094
    https://access.redhat.com/security/cve/CVE-2019-5188
    https://access.redhat.com/security/cve/CVE-2019-5482
    https://access.redhat.com/security/cve/CVE-2019-8675
    https://access.redhat.com/security/cve/CVE-2019-8696
    https://access.redhat.com/security/cve/CVE-2019-11068
    https://access.redhat.com/security/cve/CVE-2019-11719
    https://access.redhat.com/security/cve/CVE-2019-11727
    https://access.redhat.com/security/cve/CVE-2019-11756
    https://access.redhat.com/security/cve/CVE-2019-12450
    https://access.redhat.com/security/cve/CVE-2019-12749
    https://access.redhat.com/security/cve/CVE-2019-14822
    https://access.redhat.com/security/cve/CVE-2019-14866
    https://access.redhat.com/security/cve/CVE-2019-14973
    https://access.redhat.com/security/cve/CVE-2019-15903
    https://access.redhat.com/security/cve/CVE-2019-16935
    https://access.redhat.com/security/cve/CVE-2019-17006
    https://access.redhat.com/security/cve/CVE-2019-17023
    https://access.redhat.com/security/cve/CVE-2019-17498
    https://access.redhat.com/security/cve/CVE-2019-17546
    https://access.redhat.com/security/cve/CVE-2019-18197
    https://access.redhat.com/security/cve/CVE-2019-19126
    https://access.redhat.com/security/cve/CVE-2019-19956
    https://access.redhat.com/security/cve/CVE-2019-20386
    https://access.redhat.com/security/cve/CVE-2019-20388
    https://access.redhat.com/security/cve/CVE-2020-2181
    https://access.redhat.com/security/cve/CVE-2020-2182
    https://access.redhat.com/security/cve/CVE-2020-2224
    https://access.redhat.com/security/cve/CVE-2020-2225
    https://access.redhat.com/security/cve/CVE-2020-2226
    https://access.redhat.com/security/cve/CVE-2020-2574
    https://access.redhat.com/security/cve/CVE-2020-2752
    https://access.redhat.com/security/cve/CVE-2020-2780
    https://access.redhat.com/security/cve/CVE-2020-2812
    https://access.redhat.com/security/cve/CVE-2020-6829
    https://access.redhat.com/security/cve/CVE-2020-7595
    https://access.redhat.com/security/cve/CVE-2020-8492
    https://access.redhat.com/security/cve/CVE-2020-9283
    https://access.redhat.com/security/cve/CVE-2020-12243
    https://access.redhat.com/security/cve/CVE-2020-12400
    https://access.redhat.com/security/cve/CVE-2020-12401
    https://access.redhat.com/security/cve/CVE-2020-12402
    https://access.redhat.com/security/cve/CVE-2020-12403
    https://access.redhat.com/security/cve/CVE-2020-12825
    https://access.redhat.com/security/cve/CVE-2020-14352
    https://access.redhat.com/security/cve/CVE-2020-24750
    https://access.redhat.com/security/updates/classification/#low
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
