Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-5198:01 Moderate: Red Hat OpenShift Jaeger security update

    Date 23 Nov 2020
    336
    Posted By LinuxSecurity Advisories
    An update is now available for Red Hat OpenShift Jaeger 1.20. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: Red Hat OpenShift Jaeger security update
    Advisory ID:       RHSA-2020:5198-01
    Product:           Red Hat OpenShift Jaeger
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5198
    Issue date:        2020-11-24
    CVE Names:         CVE-2019-19794 CVE-2020-14040 
    =====================================================================
    
    1. Summary:
    
    An update is now available for Red Hat OpenShift Jaeger 1.20.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
    tailored for installation into an on-premise OpenShift Container Platform
    installation.
    
    Security Fix(es):
    
    * golang-github-miekg-dns: predictable TXID can lead to response forgeries
    (CVE-2019-19794)
    
    * golang.org/x/text: possibility to trigger an infinite loop in
    encoding/unicode could lead to crash (CVE-2020-14040)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    3. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://docs.openshift.com/container-platform/4.6/jaeger/jaeger_install/rhb
    jaeger-updating.html
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1786761 - CVE-2019-19794 golang-github-miekg-dns: predictable TXID can lead to response forgeries
    1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2019-19794
    https://access.redhat.com/security/cve/CVE-2020-14040
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBX7zMkdzjgjWX9erEAQiRbhAAgW9U5WTt6AURoOQaPIgKGc4OUZU42y0Z
    THJIKcn1k2B2AkG1q27Gm2MYWwRyDMy6rIuE5cOVXgqbl2TrdG4weBfQUik3aK2G
    HWMI0gFsCFqOCS8ib33wVWaFVGKLBKvflKndDbTz2EYcm6+U4R30z6yk9PQes7V6
    CFJ0lF8mLXbMf0YKo1m18SAghw/YurhrhxbRhVZgnNT6plgvI3jWlqtEEnVgrh6Q
    s6WaNY5bU+9/LFIm4Rnn9gW+9ONHu20jWm4Qd+X00tSMXnxb0pZR77jS7jr1qTkV
    jGOc3OUVFZf+se9BhcZFvE47/mw8dr8Q6cKXoPjwVbXZQoj/I5Li9UzTVGoY7gfi
    7+yfPFNaAO9RFI8XJs4xApDWmJ18KnsmtapmDjEBvHW+qnO1dd8vBkEbtO8wm8Pg
    mIIDjMX4vV1pFdtYBFkD2bPDKT86ZObJWPGBfHPgCDgrGDFQ1gkhCf3UclzACsud
    ACaVDBh33c1OuMwi42vSAR/iweVvE4YOCAOWendi5ycNseJqPFfoTuJvygtZ4EL6
    XYUmAYqZU54yRWTbon/MM4iFlD84jGLVDGHt3gGurVV705LI/6IJgFB8nzsTNo/h
    uxmjRigud7QChCezt1FYn9J8TnQnVll7a8h3IW6HJexu8PoTvC7QofkTc1ligVOx
    nKzxJ1E/lMg=
    =VF1A
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.