Linux Security

    RedHat: RHSA-2021-0190:01 Moderate: OpenShift Container Platform 4.6

    Date 19 Jan 2021
    Posted By LinuxSecurity Advisories
    An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container is now available for Red Hat OpenShift Container Platform 4.6.
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
    Advisory ID:       RHSA-2021:0190-01
    Product:           Red Hat OpenShift Enterprise
    Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0190
    Issue date:        2021-01-19
    CVE Names:         CVE-2018-20843 CVE-2019-1551 CVE-2019-5018 
                       CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 
                       CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 
                       CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 
                       CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 
                       CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 
                       CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 
                       CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 
                       CVE-2019-8844 CVE-2019-8846 CVE-2019-11068 
                       CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 
                       CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 
                       CVE-2019-16935 CVE-2019-17450 CVE-2019-18197 
                       CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 
                       CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 
                       CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 
                       CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 
                       CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 
                       CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 
                       CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 
                       CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 
                       CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 
                       CVE-2020-6405 CVE-2020-7595 CVE-2020-8177 
                       CVE-2020-8492 CVE-2020-9327 CVE-2020-9802 
                       CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 
                       CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 
                       CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 
                       CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 
                       CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 
                       CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 
                       CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 
                       CVE-2020-15503 CVE-2020-24659 CVE-2020-27813 
    =====================================================================
    
    1. Summary:
    
    An update for compliance-content-container,
    ose-compliance-openscap-container, ose-compliance-operator-container, and
    ose-compliance-operator-metadata-container is now available for Red Hat
    OpenShift Container Platform 4.6.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Description:
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or private
    cloud deployments.
    The compliance-operator image updates are now available for OpenShift
    Container Platform 4.6.
    
    Security Fix(es):
    
    * golang-github-gorilla-websocket: integer overflow leads to denial of
    service (CVE-2020-27813)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
    
    * The compliancesuite object returns error with ocp4-cis tailored profile
    (BZ#1902251)
    
    * The compliancesuite does not trigger when there are multiple rhcos4
    profiles added in scansettingbinding object (BZ#1902634)
    
    * [OCP v46] Not all remediations get applied through machineConfig although
    the status of all rules shows Applied in ComplianceRemediations object
    (BZ#1907414)
    
    * The profile parser pod deployment and associated profiles should get
    removed after upgrade the compliance operator (BZ#1908991)
    
    * Applying the "rhcos4-moderate" compliance profile leads to Ignition error
    "something else exists at that path" (BZ#1909081)
    
    * [OCP v46] Always update the default profilebundles on Compliance operator
    startup (BZ#1909122)
    
    3. Solution:
    
    For OpenShift Container Platform 4.6 see the following documentation, which
    will be updated shortly for this release, for important instructions on how
    to upgrade your cluster and fully apply this asynchronous errata update:
    
    https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
    
    Details on how to access this content are available at
    https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html.
    
    4. Bugs fixed (https://bugzilla.redhat.com/):
    
    1899479 - Aggregator pod tries to parse ConfigMaps without results
    1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
    1902251 - The compliancesuite object returns error with ocp4-cis tailored profile
    1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object
    1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object
    1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator
    1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path"
    1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
    
    5. References:
    
    https://access.redhat.com/security/cve/CVE-2018-20843
    https://access.redhat.com/security/cve/CVE-2019-1551
    https://access.redhat.com/security/cve/CVE-2019-5018
    https://access.redhat.com/security/cve/CVE-2019-8625
    https://access.redhat.com/security/cve/CVE-2019-8710
    https://access.redhat.com/security/cve/CVE-2019-8720
    https://access.redhat.com/security/cve/CVE-2019-8743
    https://access.redhat.com/security/cve/CVE-2019-8764
    https://access.redhat.com/security/cve/CVE-2019-8766
    https://access.redhat.com/security/cve/CVE-2019-8769
    https://access.redhat.com/security/cve/CVE-2019-8771
    https://access.redhat.com/security/cve/CVE-2019-8782
    https://access.redhat.com/security/cve/CVE-2019-8783
    https://access.redhat.com/security/cve/CVE-2019-8808
    https://access.redhat.com/security/cve/CVE-2019-8811
    https://access.redhat.com/security/cve/CVE-2019-8812
    https://access.redhat.com/security/cve/CVE-2019-8813
    https://access.redhat.com/security/cve/CVE-2019-8814
    https://access.redhat.com/security/cve/CVE-2019-8815
    https://access.redhat.com/security/cve/CVE-2019-8816
    https://access.redhat.com/security/cve/CVE-2019-8819
    https://access.redhat.com/security/cve/CVE-2019-8820
    https://access.redhat.com/security/cve/CVE-2019-8823
    https://access.redhat.com/security/cve/CVE-2019-8835
    https://access.redhat.com/security/cve/CVE-2019-8844
    https://access.redhat.com/security/cve/CVE-2019-8846
    https://access.redhat.com/security/cve/CVE-2019-11068
    https://access.redhat.com/security/cve/CVE-2019-13050
    https://access.redhat.com/security/cve/CVE-2019-13627
    https://access.redhat.com/security/cve/CVE-2019-14889
    https://access.redhat.com/security/cve/CVE-2019-15165
    https://access.redhat.com/security/cve/CVE-2019-15903
    https://access.redhat.com/security/cve/CVE-2019-16168
    https://access.redhat.com/security/cve/CVE-2019-16935
    https://access.redhat.com/security/cve/CVE-2019-17450
    https://access.redhat.com/security/cve/CVE-2019-18197
    https://access.redhat.com/security/cve/CVE-2019-19221
    https://access.redhat.com/security/cve/CVE-2019-19906
    https://access.redhat.com/security/cve/CVE-2019-19956
    https://access.redhat.com/security/cve/CVE-2019-20218
    https://access.redhat.com/security/cve/CVE-2019-20387
    https://access.redhat.com/security/cve/CVE-2019-20388
    https://access.redhat.com/security/cve/CVE-2019-20454
    https://access.redhat.com/security/cve/CVE-2019-20807
    https://access.redhat.com/security/cve/CVE-2019-20907
    https://access.redhat.com/security/cve/CVE-2019-20916
    https://access.redhat.com/security/cve/CVE-2020-1730
    https://access.redhat.com/security/cve/CVE-2020-1751
    https://access.redhat.com/security/cve/CVE-2020-1752
    https://access.redhat.com/security/cve/CVE-2020-1971
    https://access.redhat.com/security/cve/CVE-2020-3862
    https://access.redhat.com/security/cve/CVE-2020-3864
    https://access.redhat.com/security/cve/CVE-2020-3865
    https://access.redhat.com/security/cve/CVE-2020-3867
    https://access.redhat.com/security/cve/CVE-2020-3868
    https://access.redhat.com/security/cve/CVE-2020-3885
    https://access.redhat.com/security/cve/CVE-2020-3894
    https://access.redhat.com/security/cve/CVE-2020-3895
    https://access.redhat.com/security/cve/CVE-2020-3897
    https://access.redhat.com/security/cve/CVE-2020-3899
    https://access.redhat.com/security/cve/CVE-2020-3900
    https://access.redhat.com/security/cve/CVE-2020-3901
    https://access.redhat.com/security/cve/CVE-2020-3902
    https://access.redhat.com/security/cve/CVE-2020-6405
    https://access.redhat.com/security/cve/CVE-2020-7595
    https://access.redhat.com/security/cve/CVE-2020-8177
    https://access.redhat.com/security/cve/CVE-2020-8492
    https://access.redhat.com/security/cve/CVE-2020-9327
    https://access.redhat.com/security/cve/CVE-2020-9802
    https://access.redhat.com/security/cve/CVE-2020-9803
    https://access.redhat.com/security/cve/CVE-2020-9805
    https://access.redhat.com/security/cve/CVE-2020-9806
    https://access.redhat.com/security/cve/CVE-2020-9807
    https://access.redhat.com/security/cve/CVE-2020-9843
    https://access.redhat.com/security/cve/CVE-2020-9850
    https://access.redhat.com/security/cve/CVE-2020-9862
    https://access.redhat.com/security/cve/CVE-2020-9893
    https://access.redhat.com/security/cve/CVE-2020-9894
    https://access.redhat.com/security/cve/CVE-2020-9895
    https://access.redhat.com/security/cve/CVE-2020-9915
    https://access.redhat.com/security/cve/CVE-2020-9925
    https://access.redhat.com/security/cve/CVE-2020-10018
    https://access.redhat.com/security/cve/CVE-2020-10029
    https://access.redhat.com/security/cve/CVE-2020-11793
    https://access.redhat.com/security/cve/CVE-2020-13630
    https://access.redhat.com/security/cve/CVE-2020-13631
    https://access.redhat.com/security/cve/CVE-2020-13632
    https://access.redhat.com/security/cve/CVE-2020-14382
    https://access.redhat.com/security/cve/CVE-2020-14391
    https://access.redhat.com/security/cve/CVE-2020-14422
    https://access.redhat.com/security/cve/CVE-2020-15503
    https://access.redhat.com/security/cve/CVE-2020-24659
    https://access.redhat.com/security/cve/CVE-2020-27813
    https://access.redhat.com/security/updates/classification/#moderate
    
    6. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2021 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
