Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-4297:01 Moderate: OpenShift Container Platform 4.6.1

    Date 27 Oct 2020
    180
    Posted By LinuxSecurity Advisories
    An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 4.6.1 package security update
    Advisory ID:       RHSA-2020:4297-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4297
    Issue date:        2020-10-27
    CVE Names:         CVE-2019-16541 CVE-2020-2252 CVE-2020-2254 
                       CVE-2020-2255 CVE-2020-8564 CVE-2020-14040 
                       CVE-2020-14370 CVE-2020-16845 
    =====================================================================
    
    1. Summary:
    
    An update for jenkins-2-plugins, openshift-clients, podman, runc, and
    skopeo is now available for Red Hat OpenShift Container Platform 4.6.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenShift Container Platform 4.6 - noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The podman tool manages pods, container images, and containers. It is part
    of the libpod library, which is for applications that use container pods.
    Container pods is a concept in Kubernetes.
    
    The runC tool is a lightweight, portable implementation of the Open
    Container Format (OCF) that provides container runtime.
    
    The skopeo command lets you inspect images from container image registries,
    get images and image layers, and use signatures to create and verify files.
    
    Security Fix(es):
    
    * jenkins-jira-plugin: plugin information disclosure (CVE-2019-16541)
    
    * jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin
    could result in MITM (CVE-2020-2252)
    
    * jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean
    Plugin could allow to read arbitrary files (CVE-2020-2254)
    
    * jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform
    permission checks in several HTTP endpoints implementing connection tests.
    (CVE-2020-2255)
    
    * kubernetes: Docker config secrets leaked when file is malformed and
    loglevel >= 4 (CVE-2020-8564)
    
    * golang.org/x/text: possibility to trigger an infinite loop in
    encoding/unicode could lead to crash (CVE-2020-14040)
    
    * podman: environment variables leak between containers when started via
    Varlink or Docker-compatible REST API (CVE-2020-14370)
    
    * golang: ReadUvarint and ReadVarint can read an unlimited number of bytes
    from invalid inputs (CVE-2020-16845)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For OpenShift Container Platform 4.6 see the following documentation, which
    will be updated shortly for this release, for important instructions on how
    to upgrade your cluster and fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel
    ease-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.6/updating/updating-cluster
    - -cli.html.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1819663 - CVE-2019-16541 jenkins-jira-plugin: plugin information disclosure
    1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
    1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
    1874268 - CVE-2020-14370 podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API
    1880454 - CVE-2020-2252 jenkins-2-plugins/mailer: Missing hostname validation in Mailer Plugin could result in MITM
    1880456 - CVE-2020-2254 jenkins-2-plugins/blueocean: Path traversal vulnerability in Blue Ocean Plugin could allow to read arbitrary files
    1880460 - CVE-2020-2255 jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.
    1886637 - CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
    
    6. Package List:
    
    Red Hat OpenShift Container Platform 4.6:
    
    Source:
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el7.src.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el7.src.rpm
    
    x86_64:
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64.rpm
    openshift-clients-redistributable-4.6.0-202010081244.p0.git.3794.4743d24.el7.x86_64.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64.rpm
    runc-debuginfo-1.0.0-81.rhaos4.6.git5b757d4.el7.x86_64.rpm
    
    Red Hat OpenShift Container Platform 4.6:
    
    Source:
    jenkins-2-plugins-4.6.1601368321-1.el8.src.rpm
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el8.src.rpm
    podman-1.9.3-3.rhaos4.6.el8.src.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el8.src.rpm
    skopeo-1.1.1-2.rhaos4.6.el8.src.rpm
    
    noarch:
    jenkins-2-plugins-4.6.1601368321-1.el8.noarch.rpm
    podman-docker-1.9.3-3.rhaos4.6.el8.noarch.rpm
    
    ppc64le:
    containers-common-1.1.1-2.rhaos4.6.el8.ppc64le.rpm
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el8.ppc64le.rpm
    podman-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    podman-debuginfo-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    podman-debugsource-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    podman-remote-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    podman-remote-debuginfo-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    podman-tests-1.9.3-3.rhaos4.6.el8.ppc64le.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le.rpm
    runc-debuginfo-1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le.rpm
    runc-debugsource-1.0.0-81.rhaos4.6.git5b757d4.el8.ppc64le.rpm
    skopeo-1.1.1-2.rhaos4.6.el8.ppc64le.rpm
    skopeo-debuginfo-1.1.1-2.rhaos4.6.el8.ppc64le.rpm
    skopeo-debugsource-1.1.1-2.rhaos4.6.el8.ppc64le.rpm
    skopeo-tests-1.1.1-2.rhaos4.6.el8.ppc64le.rpm
    
    s390x:
    containers-common-1.1.1-2.rhaos4.6.el8.s390x.rpm
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el8.s390x.rpm
    podman-1.9.3-3.rhaos4.6.el8.s390x.rpm
    podman-debuginfo-1.9.3-3.rhaos4.6.el8.s390x.rpm
    podman-debugsource-1.9.3-3.rhaos4.6.el8.s390x.rpm
    podman-remote-1.9.3-3.rhaos4.6.el8.s390x.rpm
    podman-remote-debuginfo-1.9.3-3.rhaos4.6.el8.s390x.rpm
    podman-tests-1.9.3-3.rhaos4.6.el8.s390x.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el8.s390x.rpm
    runc-debuginfo-1.0.0-81.rhaos4.6.git5b757d4.el8.s390x.rpm
    runc-debugsource-1.0.0-81.rhaos4.6.git5b757d4.el8.s390x.rpm
    skopeo-1.1.1-2.rhaos4.6.el8.s390x.rpm
    skopeo-debuginfo-1.1.1-2.rhaos4.6.el8.s390x.rpm
    skopeo-debugsource-1.1.1-2.rhaos4.6.el8.s390x.rpm
    skopeo-tests-1.1.1-2.rhaos4.6.el8.s390x.rpm
    
    x86_64:
    containers-common-1.1.1-2.rhaos4.6.el8.x86_64.rpm
    openshift-clients-4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64.rpm
    openshift-clients-redistributable-4.6.0-202010081244.p0.git.3794.4743d24.el8.x86_64.rpm
    podman-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    podman-debuginfo-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    podman-debugsource-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    podman-remote-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    podman-remote-debuginfo-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    podman-tests-1.9.3-3.rhaos4.6.el8.x86_64.rpm
    runc-1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64.rpm
    runc-debuginfo-1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64.rpm
    runc-debugsource-1.0.0-81.rhaos4.6.git5b757d4.el8.x86_64.rpm
    skopeo-1.1.1-2.rhaos4.6.el8.x86_64.rpm
    skopeo-debuginfo-1.1.1-2.rhaos4.6.el8.x86_64.rpm
    skopeo-debugsource-1.1.1-2.rhaos4.6.el8.x86_64.rpm
    skopeo-tests-1.1.1-2.rhaos4.6.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-16541
    https://access.redhat.com/security/cve/CVE-2020-2252
    https://access.redhat.com/security/cve/CVE-2020-2254
    https://access.redhat.com/security/cve/CVE-2020-2255
    https://access.redhat.com/security/cve/CVE-2020-8564
    https://access.redhat.com/security/cve/CVE-2020-14040
    https://access.redhat.com/security/cve/CVE-2020-14370
    https://access.redhat.com/security/cve/CVE-2020-16845
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBX5g1FNzjgjWX9erEAQhfKw/9HZ8kEz+eUKyypH7luedo+O5zm0Ocins5
    iDsPll+InM9WF/zQE/VFbu0EZYGqCjkjKdwyNq30tRdZIJVrjd68yKmRwgwdmjHO
    Xy6JGd9wAG0DadkvIuCqdy+Q0gqHJt7+YiVRaya8/lBAWCtKPdhIyPEEZ90/Fe5q
    JW62U57KAt+xVMtLSTcEo8JnCmXxiTceNwIErUtkoKhfD1pEHk7QPYM2qhNzIVrk
    1gA5GR0U1cFuHxf+pZAFlosNQZ/xHmTn8ezJR04KbpZL/3XVRGkk4+V595MPbzRQ
    Ve8rFQVEmD+mvCGLmNFy8SmHiAGSYDtncin3NVyblqgt989+617CjWsSZBV4x5f0
    K77VqZU4ZuDPR6hgQ3vCi1xQz4V0DXL5uf1VrYzcLseoZ4j09S7DQ38XJrf4o7kR
    kHZwyYNaEsQUEOIoSgr4Bdk9XuTXFA/wjOc6fhg8W+RHpTX8tw+grnATW/zUyFSt
    n9nQ8l2XIlHz9gP0kI8qWoDfawcVkObECMrxyP4GWllia18X3QoIwUtpFrxRcDty
    pYFX8c1HtXKWnA4AZmeU1YYWNe52zpIp5Ga9aFoxD/l89JsJb2ia5Xwz7qNqOQv0
    Fk3zszYHJfqDNWjWNJ2Q85IOND5HxkY6DwGObPY7SDXc9oVRDRuPwL/RyNbgSZtC
    2BBNMjU4USI=
    =S1NZ
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"1","type":"x","order":"1","pct":14.29,"resources":[]},{"id":"161","title":"1-5 years","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"162","title":"6-10 years","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"6","type":"x","order":"4","pct":85.71,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.